CN107077559B - Authentication system, reminder terminal and information recording medium - Google Patents


Info

Publication number: CN107077559B
Application number: CN201580056707.7A
Authority: CN (China)
Prior art keywords: user, terminal, mentioned, character string, resource server
Prior art date:
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN107077559A
Inventor: 小川秀治
Current assignee: Passlogy Co Ltd
Original assignee: Passlogy Co Ltd
Priority date:
Filing date:
Publication date:
Events: application filed by Passlogy Co Ltd; publication of CN107077559A; application granted; publication of CN107077559B; legal status Active; anticipated expiration

Classifications

    • H04L 63/083: Network architectures or network communication protocols for network security; authentication of entities using passwords
    • G06F 21/34: Security arrangements for protecting computers; user authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F 21/36: Security arrangements for protecting computers; user authentication by graphic or iconic representation
    • H04L 63/08: Network architectures or network communication protocols for network security; authentication of entities
    • H04L 63/0853: Authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L 9/0891: Cryptographic mechanisms; key distribution or management; revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L 9/12: Cryptographic mechanisms; transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • H04L 9/3226: Cryptographic mechanisms including means for verifying the identity or authority of a user; using a predetermined code, e.g. password, passphrase or PIN
    • H04L 9/3297: Cryptographic mechanisms including means for verifying the identity or authority of a user; involving time stamps, e.g. generation of time stamps
    • H04W 12/068: Wireless communication networks; authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H04L 63/10: Network architectures or network communication protocols for network security; controlling access to devices or network resources
    • H04L 63/20: Network architectures or network communication protocols for network security; managing network security; network security policies in general
    • H04L 9/3271: Cryptographic mechanisms including means for verifying the identity or authority of a user; using challenge-response
    • H04L 9/3273: Cryptographic mechanisms including means for verifying the identity or authority of a user; using challenge-response for mutual authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)
  • Telephonic Communication Services (AREA)
  • Storage Device Security (AREA)

Abstract

In the reminder terminal (121), a table generating unit (204) generates a table in which each element contains a random character string. A registration unit (205) lets the user view the table and prompts the user to register a registration character string as the password at the resource server; that string is obtained by extracting elements from the table in the user's selection order and concatenating the character strings contained in the extracted elements. A storage unit (201) stores the table. A prompting unit (202) presents the table to the user on the user's instruction and prompts the user to use an authentication character string as the password of a request to use a resource of the resource server; that string is likewise obtained by extracting elements from the table in the user's selection order and concatenating the contained character strings. A transmission unit (203) may also send a report indicating that the table has been presented to the user. If the destination of the report is a management server that cooperates with the resource server, the fact that the table has been presented to the user can be added to the conditions for using the resource of the resource server.

Description

Authentication system, reminder terminal and information recording medium
Technical field
The present invention relates to an authentication system suitable for managing, by means of a reminder terminal, the password that determines whether a request to use a resource of a resource server is permitted; to that reminder terminal; and to a non-transitory computer-readable information recording medium storing a program that makes a computer operate as the reminder terminal.
Background art
Currently, systems in which the user enters a password are used to determine whether a resource provided by a resource server may be used. The resources provided take various forms: sending, receiving and storing various files; browsing and viewing mail, news, still images, video, music and the like; and use of various applications.
Here, to determine whether a resource may be used, the resource server stores either the password itself or a character string obtained by randomizing the password with a one-way hash function. A method is also used in which a character string fixed for each user, called a salt, is appended to the password before the hash function is applied. With a one-way hash function the password strings themselves are not compared; instead the hash value of the password entered by the user is compared with the hash value stored at the resource server, which confirms that the passwords match and authenticates the user.
In general, resource servers are operated by various service providers, so the structure or configuration of resource servers differs, and those differences give rise to differences in security. Consequently a given resource server may be attacked, an employee may leak its security information, or a user may leak information through carelessness, with the result that passwords leak.
If the same password is used at multiple resource servers, a password leak at one of them may allow improper access to the others. It is therefore desirable that the password differ for each resource server.
In addition, brute-force attacks are known in which character strings loaded into a dictionary or the like are entered in order as passwords in attempts to log in to a resource server. It is therefore desirable that passwords consist of randomly generated character strings. Such character strings, however, are difficult for people to remember.
As techniques for managing multiple hard-to-remember passwords that differ for each resource server, the techniques disclosed in the following documents have been proposed.
Prior art documents
Patent documents
Patent document 1: Japanese Unexamined Patent Application Publication No. 2007-108833
Patent document 2: International Publication No. WO2012/029776
Problems to be solved by the invention
In these techniques, the user enters a master password or key into the reminder device that manages the passwords and thereby obtains the password for each resource server. There is now a demand, however, for a technique that obtains the password for each resource server without directly entering a master password or key, while maintaining the randomness of each resource server's password.
Summary of the invention
The present invention solves the above problem. Its object is to provide an authentication system suitable for managing, by means of a reminder terminal, the password that determines whether a request to use a resource of a resource server is permitted; that reminder terminal; and a non-transitory computer-readable information recording medium storing a program that makes a computer operate as the reminder terminal.
Means for solving the problem
The authentication system of the invention includes a reminder terminal, a resource server, a management server and an access terminal, wherein
(A) the reminder terminal includes:
a table generating unit that generates a table in which each element contains a randomly generated character string;
a registration unit that lets the user view the generated table and prompts the user to
(1) extract elements from the viewed table in the selection order assigned in advance to the user, and concatenate the character strings contained in the extracted elements, thereby obtaining a registration character string, and
(2) newly register the obtained registration character string, or update the existing password with it, as the password of the user name at the resource server;
a storage unit that stores the viewed table in association with the combination of the resource server name of the resource server and the user name;
a prompting unit that, when the combination is selected by an instruction from the user, presents the table stored in association with that combination to the user and prompts the user to
(a) extract elements from the presented table in the selection order assigned in advance to the user, and concatenate the character strings contained in the extracted elements to obtain an authentication character string, and
(b) use the obtained authentication character string as the password of a request, made under the user name, to use the resource of the resource server; and
a transmission unit that sends a report indicating that the table stored in association with the combination has been presented to the user,
(B) the management server,
when the report sent from the reminder terminal is received by the management server, sets an effective period for the combination related to the report, the effective period including the time at which the management server received the report,
(C) the resource server,
when a request to use the resource of the resource server is sent from the access terminal to the resource server under the user name and the password attached to the request matches the password registered for the user name at the resource server, sends an inquiry related to the user name to the management server,
(D) the management server,
when the inquiry is received by the management server, determines whether the permission condition "the management server received the inquiry within the effective period set for the combination of the server name of the resource server that originated the inquiry and the user name related to the inquiry" holds, and sends an answer indicating the result of that determination to the resource server, and
(E) the resource server,
if the answer is received by the resource server and the received answer indicates that the permission condition holds, sends a response for using the resource of the resource server to the access terminal.
The reminder terminal of the invention is a reminder terminal satisfying requirement (A) of the above authentication system. This reminder terminal sends to other equipment a report of the combination of resource server name and user name associated with the table presented on the user's selection instruction, so that the combination can be referred to during authentication. This reminder terminal can be used, for example, as a security token.
Effect of the invention
According to the present invention, it is possible to provide an authentication system suitable for managing, by means of a reminder terminal, the password that determines whether a request to use a resource of a resource server is permitted; that reminder terminal; and a non-volatile computer-readable information recording medium storing a program that makes a computer operate as the reminder terminal.
Brief description of the drawings
Fig. 1 is an explanatory diagram showing the outline of the authentication system of an embodiment of the present invention;
Fig. 2 is an explanatory diagram showing the outline of the reminder terminal of the embodiment;
Fig. 3A is an explanatory diagram showing the reminder terminal of the embodiment displaying a table;
Fig. 3B is an explanatory diagram showing the reminder terminal of the embodiment displaying a table;
Fig. 4 is an explanatory diagram showing an example of a selection order of the embodiment;
Fig. 5 is an explanatory diagram illustrating the information exchange of the authentication system of the embodiment;
Fig. 6 is an explanatory diagram showing the browser with the login form of the embodiment;
Fig. 7 is an explanatory diagram showing the table displayed for updating a password in the embodiment;
Fig. 8A is an explanatory diagram showing the currently used selection order being selected by the user;
Fig. 8B is an explanatory diagram showing the currently used selection order being selected by the user;
Fig. 8C is an explanatory diagram showing the currently used selection order being selected by the user;
Fig. 8D is an explanatory diagram showing the currently used selection order being selected by the user;
Fig. 8E is an explanatory diagram showing the currently used selection order being selected by the user;
Fig. 9A is an explanatory diagram showing a new selection order being selected by the user;
Fig. 9B is an explanatory diagram showing the first step of the user selecting a new selection order;
Fig. 9C is an explanatory diagram showing the second step of the user selecting a new selection order;
Fig. 9D is an explanatory diagram showing the third step of the user selecting a new selection order;
Fig. 9E is an explanatory diagram showing the fourth step of the user selecting a new selection order;
Fig. 10 is an explanatory diagram showing a table updated according to the new selection order;
Fig. 11 is an explanatory diagram showing other tables before and after being updated according to the new selection order.
Description of embodiments
Embodiments of the present invention are described below. The embodiments are given for explanation and do not limit the scope of the claimed invention. Those skilled in the art can therefore replace some or all of these elements with equivalents, and such embodiments are also included in the scope of the present invention.
Embodiment 1
Fig. 1 is an explanatory diagram showing the outline of the authentication system of an embodiment of the present invention. The description below refers to this figure.
The authentication system 101 of this embodiment includes a reminder terminal 121, an access terminal 141, a resource server 161 and a management server 181. Typically one management server 181 is provided for multiple resource servers 161. Each resource server 161 may, however, also be configured to realize the function of the management server 181 itself, in which case the separate management server 181 is omitted. Furthermore, a resource server 161 may rely only on conventional authentication based on user name and password, in which case the management server 181 itself can be omitted.
These devices can communicate with one another via a computer communication network 191 such as the Internet, a mobile telephone communication network, or a wireless LAN (Local Area Network) such as Wi-Fi (Wireless Fidelity). Communication between the resource server 161 and the management server 181 may also use a dedicated line. Various forms of encryption may be applied to the communication.
The reminder terminal 121 has the function of reminding the user of the password for using the resource of each resource server 161 in such a way that only that user learns it, i.e. a third party who merely glances at the terminal cannot immediately steal the password. Typically, various portable terminals such as a mobile phone, smartphone, tablet computer, PDA (Personal Data Assistant) or wearable terminal can be used as the reminder terminal 121.
The access terminal 141 is the terminal from which the user uses the resource of the resource server 161. Typically the user accesses the resource server 161 from a browser running on the access terminal 141 in order to use the resource. Various desktop computers or virtual terminals such as X terminals can be used as the access terminal 141. The same device as the reminder terminal 121 can also be used as the access terminal 141.
The resource server 161 provides the user with a service for using a resource. The resource server 161 obtains from the access terminal 141 the password the user entered there, authenticates whether the user has the right to use the resource, and decides whether the user may use it. The authentication may also use a user name entered at the access terminal 141, but identification information of the access terminal 141 itself (such as the MAC (Media Access Control) address of its communication device, the CPU (Central Processing Unit) serial number, or a session ID contained in a cookie stored in advance on the access terminal 141) may be used in place of the user name.
A resource server name is assigned to the resource server 161. The resource server name is expressed as the server ID (IDentifier) of the computer acting as the resource server 161, such as a host name, an IP (Internet Protocol) address, a domain name, or the URL (Universal Resource Locator) of the window or form through which the resource is provided.
The management server 181 is consulted, during the authentication performed by the resource server 161, about the usage status of the reminder terminal 121.
(Outline)
The outline of a typical mode of the invention is described below. For each combination of the server name of a resource server 161 and the user name the user uses at that resource server 161, the reminder terminal 121 generates and stores a table in which each element contains a random character string.
The table is generated by the reminder terminal when the user newly registers an account at a resource server 161 or updates the password of an existing account there, and the reminder terminal 121 lets the user view the generated table.
When the user is about to use (log in to) the resource of a resource server 161, the reminder terminal 121 also presents to the user the table stored in the reminder terminal 121 for the combination of resource server name and user name selected by the user.
The basic mode is that the table is managed only in the reminder terminal 121, and its content itself is not known to the resource servers 161 or the management server 181. The table may be backed up to a resource server 161 or to the management server 181, but in that case it is desirable that the table be suitably encrypted before backup.
When the user starts using the reminder terminal 121, the user decides on one selection order of his or her own. The selection order is used in common for all combinations managed by the reminder terminal 121. The basic mode is again that the content of the selection order is not known to the resource servers 161 or the management server 181.
When the user is about to newly register with a certain user name at a certain resource server 161, the user enters into the reminder terminal 121 the combination of the server name of that resource server 161 and the user name to be used. The reminder terminal 121 then generates a table and lets the user view it.
The user extracts elements from the viewed table in the selection order the user decided on, and concatenates the character strings contained in the extracted elements. The character string obtained here is the registration password entered at the resource server during new registration.
The user accesses the resource server 161 from the access terminal 141, enters the user name and the registration password obtained from the reminder terminal 121, and newly registers the account.
Once new registration of the account is completed, the table corresponding to the combination of resource server name and user name is stored in the non-volatile storage medium of the reminder terminal 121 so that its content can be checked whenever the resource of the resource server 161 is to be used from then on.
When the user is about to use the resource of a resource server 161, the user selects on the reminder terminal 121 the combination of the resource server name of that resource server 161 and the user name. The reminder terminal 121 then presents to the user the table stored in association with that combination.
The user extracts elements from the presented table in the selection order the user decided on, and concatenates the character strings contained in the extracted elements to learn the authentication character string.
The user then accesses the login form of the resource server 161 via the access terminal 141, enters the user name and the authentication character string as the password, and requests login to the resource server 161.
The resource server 161 determines whether the combination of user name and password in the request is valid. Ordinary password authentication techniques can be used for this determination.
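The table, the user's selection order and the registration and authentication character strings derived from them, as an added example that is not part of the patent or of Passlogy's own code. The 4x4 table of 3-character cells, the 4-element selection order, the class and function names, and the PBKDF2-HMAC-SHA256 salted storage at the resource server are assumptions chosen for illustration; the description only says that each element holds a random string and that a resource server may store a salted hash. The example also counts how many selection orders someone who sees the table but not the order would have to try, which is the property the description relies on when it says a glance at the table does not leak the password.

```python
"""Reminder-terminal table and password derivation (added illustration, not
the patent's own code).  Assumed sizes: a 4x4 table of 3-character cells and a
selection order of 4 distinct cells, giving a 12-character password."""
import hashlib
import hmac
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
ROWS, COLS, CELL_LEN, ORDER_LEN = 4, 4, 3, 4   # assumed parameters


def generate_table(rows=ROWS, cols=COLS, cell_len=CELL_LEN, rng=secrets):
    """Table generating unit: every element holds a random character string.
    `rng` needs a .choice() method; the `secrets` module is used by default."""
    return [[''.join(rng.choice(ALPHABET) for _ in range(cell_len))
             for _ in range(cols)] for _ in range(rows)]


def derive_string(table, selection_order):
    """Extract the elements named by the selection order, in that order, and
    concatenate their strings.  The same step yields the registration string
    (at sign-up) and the authentication string (at login); only the table
    shown to the user differs."""
    return ''.join(table[r][c] for r, c in selection_order)


def selection_order_space(rows=ROWS, cols=COLS, order_len=ORDER_LEN):
    """Number of distinct selection orders of `order_len` distinct cells: the
    search space left to someone who saw the table but not the order."""
    return math.perm(rows * cols, order_len)


class ReminderTerminal:
    """Storage unit: one table per (resource server name, user name)."""
    def __init__(self):
        self._tables = {}

    def new_table(self, server_name, user_name, rng=secrets):
        table = generate_table(rng=rng)
        self._tables[(server_name, user_name)] = table
        return table

    def prompt(self, server_name, user_name):
        """Prompting unit: show the stored table for the selected combination."""
        return self._tables[(server_name, user_name)]


class ResourceServer:
    """Keeps only a salted one-way hash of the registered password; it never
    sees the table or the selection order (assumed: PBKDF2-HMAC-SHA256)."""
    def __init__(self, name):
        self.name = name
        self._creds = {}

    @staticmethod
    def _digest(salt, password):
        return hashlib.pbkdf2_hmac('sha256', password.encode(), salt, 100_000)

    def register(self, user_name, password):
        salt = secrets.token_bytes(16)
        self._creds[user_name] = (salt, self._digest(salt, password))

    def verify(self, user_name, password):
        if user_name not in self._creds:
            return False
        salt, digest = self._creds[user_name]
        return hmac.compare_digest(digest, self._digest(salt, password))


def enrol_and_login(terminal, server, user_name, selection_order, rng=secrets):
    """Whole flow: new table -> registration string -> registered at server,
    then prompt -> authentication string -> password check.  Returns (ok, pw)."""
    table = terminal.new_table(server.name, user_name, rng=rng)
    server.register(user_name, derive_string(table, selection_order))
    shown = terminal.prompt(server.name, user_name)
    password = derive_string(shown, selection_order)
    return server.verify(user_name, password), password


if __name__ == '__main__':
    order = [(0, 0), (1, 2), (3, 3), (2, 1)]   # constructed secret selection order
    term = ReminderTerminal()
    ok_a, pw_a = enrol_and_login(term, ResourceServer('server-a.example'), 'alice', order)
    ok_b, pw_b = enrol_and_login(term, ResourceServer('server-b.example'), 'alice', order)
    print(ok_a, ok_b, pw_a != pw_b, selection_order_space())
```

Because a fresh table is generated per (server name, user name) combination, the same memorised order produces unrelated passwords at the two servers, while each server stores nothing but a salted hash of the string it was given.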
In addition, in this embodiment the reminder terminal 121 has the feature of reporting to external equipment, after presenting to the user the table corresponding to the combination, a message to that effect. The external equipment can thereby learn that the owner of the reminder terminal 121 is about to log in, with the user name in the combination, to the resource server 161 having the resource server name in the combination.
In the mode in which the report is sent to the management server 181, the reminder terminal 121 can be used as a security token.
When the management server 181 receives a report, it sets, for the combination of resource server name and user name in the report, an effective period that includes the time at which the report was received. The effective period is a very short period starting from receipt of the report, for example 5 minutes.
On the other hand, when the resource server 161 that received the login request from the access terminal 141 determines that the combination of user name and password in the request is valid, the resource server 161 sends to the management server 181 an inquiry indicating its own resource server name and the user name attempting to log in.
When the management server 181 receives the inquiry, it determines whether the permission condition holds. In this mode the permission condition is "the management server 181 received the inquiry within the effective period set for the combination of the resource server name and user name related to the inquiry". In essence, the permission condition holding means that, when the user sent the request to the resource server 161, the user had just viewed the table for that resource server 161 on the reminder terminal 121. The management server 181 then sends to the resource server 161 an answer indicating whether the permission condition holds.
The resource server 161 decides, based on whether the answer received from the management server 181 is affirmative, whether to permit use of the resource requested in the login request. That is, the resource server 161 permits use of the resource only when both conditions hold: the combination of user name and password is valid, and the table in which the password is dispersedly embedded was recently displayed on the reminder terminal 121. In this mode, therefore, the reminder terminal 121 can be used as a security token.
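The report, effective period and permission condition of steps (B) through (E) above, as an added example that is not part of the patent or of Passlogy's code. The `ManagementServer`, `ResourceServer` and `Decision` names, the injected clock `now` (seconds, so the run is deterministic) and the constructed credential store are assumptions; the 5-minute window is the value the description gives as an example. The password check is passed in as a callable so that the example stays independent of how credentials are stored, and the inquiry is only sent after that check succeeds, as in (C).

```python
"""Management-server effective period and permission condition (added
illustration, not the patent's own code).  Time is an injected `now` in
seconds; the 5-minute window is the example value from the description."""
import hmac
from enum import Enum

EFFECTIVE_SECONDS = 5 * 60


class Decision(Enum):
    ALLOWED = 'allowed'
    BAD_CREDENTIALS = 'denied: user name / password mismatch'
    NO_RECENT_DISPLAY = 'denied: table not displayed within effective period'


class ManagementServer:
    """(B) and (D): keeps one effective period per (server name, user name)
    and answers inquiries with whether they arrived inside that period."""
    def __init__(self, effective_seconds=EFFECTIVE_SECONDS):
        self.effective_seconds = effective_seconds
        self._periods = {}

    def receive_report(self, server_name, user_name, now):
        """Report from the reminder terminal: the table for this combination
        was just shown to the user.  The period starts at the receipt time."""
        self._periods[(server_name, user_name)] = (now, now + self.effective_seconds)

    def receive_inquiry(self, server_name, user_name, now):
        """Permission condition: the inquiry is received within the period set
        for exactly this combination.  An unknown combination is simply False,
        so a report for another server or user name does not help."""
        period = self._periods.get((server_name, user_name))
        if period is None:
            return False
        start, end = period
        return start <= now <= end


class ResourceServer:
    """(C) and (E): ordinary password check first; the inquiry is only sent
    when that check succeeds, and the resource is released only if the
    management server answers that the permission condition holds."""
    def __init__(self, name, management, verify_password):
        self.name = name
        self.management = management
        self.verify_password = verify_password   # (user_name, password) -> bool

    def handle_login(self, user_name, password, now):
        if not self.verify_password(user_name, password):
            return Decision.BAD_CREDENTIALS
        if not self.management.receive_inquiry(self.name, user_name, now):
            return Decision.NO_RECENT_DISPLAY
        return Decision.ALLOWED


def scenario():
    """Walk through the exchanges with constructed data; returns the list of
    decisions in order.  The plaintext credential store stands in for the
    salted-hash store a real resource server would keep."""
    ms = ManagementServer()
    creds = {'alice': 'a1bm7nE6Fs0t'}   # constructed registration string
    rs = ResourceServer('server-a.example', ms,
                        lambda u, p: hmac.compare_digest(creds.get(u, ''), p))
    results = []
    results.append(rs.handle_login('alice', 'a1bm7nE6Fs0t', now=0))     # no report yet
    ms.receive_report('server-a.example', 'alice', now=100)             # table shown
    results.append(rs.handle_login('alice', 'a1bm7nE6Fs0t', now=130))   # inside window
    results.append(rs.handle_login('alice', 'guess', now=130))          # wrong password
    results.append(rs.handle_login('alice', 'a1bm7nE6Fs0t', now=500))   # window expired
    ms.receive_report('server-b.example', 'alice', now=600)             # other server
    results.append(rs.handle_login('alice', 'a1bm7nE6Fs0t', now=610))   # wrong combination
    return results


if __name__ == '__main__':
    for decision in scenario():
        print(decision.value)
```

The fourth and fifth decisions show the two failure modes a practitioner should check: a correct password presented after the window has elapsed, and a correct password presented while a window is open for a different resource server name. Both are refused because the effective period is keyed on the exact (server name, user name) combination carried in the report.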
In which, it is expected that the facility information of terminal 121 and using the user itself for reminding terminal 121 will be reminded People's information is registered in advance in management server 181.If guaranteeing the subsidiary personal information in the user for reminding terminal 121 by pipe It manages server 181 to manage, then when to 161 new registration of Resource Server, does not need the personal information of user being transferred to resource Server 161.I.e., it is possible to carry out following utilizations, personal information is managed the management of server 181, as long as in Resource Server 161 In do not generate any accident, just not from management server 181 to the open personal information of Resource Server 161.This is with facilitating Therefore the protection of privacy improves a possibility that user logs in.
In this way, because including random character string in each element of table, the registration character string that will be obtained Or certification is also random with character string, and for each combination producing table of Resource Server name and user name, and therefore, note Volume character string or certification are seldom repeated between Resource Server with character string.
It therefore, can be by random password in multiple Resource Servers if user only stores the selecting sequence of itself It is not repeatedly utilized in 161.
On the contrary, reminding the table of terminal 121 to be stolen a glance at even if reminding terminal 121 stolen or being stored in, as long as not knowing use The selecting sequence at family would not leak the password for each Resource Server 161.It therefore, can safely administrator password.
In addition it is also possible to be connect using plug-in card program is acted in the browser of access terminal 141 by access terminal 141 It receives from being identified the prompting terminal being present near access terminal 141 according to wireless communication or the situation of wire communication This mode of 121 report.Which is readily applicable to that the structure of management server 181, i.e. Resource Server 161 is omitted It is readily applicable to only username and password come by way of determining to request.Aftermentioned which.
Hereinafter, the movement in each portion of the present embodiment is described in detail.
(Reminder terminal)
Fig. 2 is an explanatory diagram showing an outline of the reminder terminal according to the embodiment of the present invention. The following description refers to this figure.
The reminder terminal 121 includes a storage unit 201 and a presentation unit 202. As optional elements it may also include a transmission unit 203, a table generation unit 204, an ID registration unit 205, a table registration unit 206, a reception unit 207, a rule generation unit 208 and an update unit 209. If the restriction on sharing the table is relaxed, the functions of the omitted elements can be taken over by the management server 181.
The storage unit 201 stores each table in association with the combination of the resource server name of a resource server 161 and the user name used to access that resource server 161. Each element of each table stores randomly generated information (various characters, digits, symbols, figures, strings of these, and so on). An additional element may also be placed in the margin of each table. The additional element may contain randomly generated information, may be decided by the user at first registration, or may be omitted.
The presentation unit 202 displays a table stored in the storage unit 201 on the screen of the reminder terminal 121 according to the user's selection. For the highest security, the table is preferably stored only on the reminder terminal 121 and not shared at all with the resource server 161 or the management server 181. If, in that case, a backup of the reminder terminal's table is kept on the resource server 161 or the management server 181, it should be encrypted, so that even the resource server 161 or the management server 181 cannot learn the table unless it explicitly obtains from the user both permission to restore the table from the backup and the encryption key needed for the restoration.
On the other hand, as described later, although this arrangement gives the highest security, the restriction on sharing the table may be relaxed in order to take the user's convenience into account while still ensuring an adequate level of security, so that the reminder terminal 121 and the management server 181 cooperate to back up the table or to update passwords automatically.
(Table)
Fig. 3A is an explanatory diagram showing the reminder terminal of the embodiment of the present invention displaying a table. Fig. 3B is an explanatory diagram showing the reminder terminal of the embodiment displaying a table. The following description refers to these figures.
The table 301, stored in the storage unit 201 in association with the combination of the server name of a resource server 161 and the user name used at that resource server 161, consists of elements arranged in a prescribed number of rows and columns, and, as described above, each element holds a character string generated at random by the reminder terminal 121.
Together with the table 301, the reminder terminal 121 displays on its screen a server ID 303 expressing the IP address, URL or the like of the resource server 161 (in these figures the example "xxx.yyy.com"; the server ID 303 corresponds to the resource server name), the user name 304 that the user uses when accessing that resource server 161 (in these figures the example "john2014"), and an optional additional element 305. These pieces of information are stored in association with one another in the storage unit 201.
In the following description, to keep the text concise and easy to follow, the resource server name or server ID is used where appropriate to stand for the combination of resource server name and user name.
In the example shown in these figures, table 301 has 5 rows and 5 columns. In Fig. 3A, each element of table 301 contains two randomly generated lowercase letters. In Fig. 3B, each element of table 301 contains one randomly generated hiragana character together with its romanization in lowercase letters. The romanization display may be omitted.
As explained in the outline above, in this embodiment a selection sequence for picking elements of table 301 is used in place of the master password of the prior art.
(Selection sequence)
Fig. 4 is an explanatory diagram showing an example of the selection sequence of the embodiment of the present invention. The following description refers to this figure.
This figure shows a selection sequence in which four elements are selected by tracing a hook shape along the thick black arrow drawn in the lower right part of table 301. In the selection sequence shown in this figure, four elements are extracted in the order: the element at row 4, column 2; the element at row 5, column 3; the element at row 4, column 4; and the element at row 3, column 5. How many elements are extracted, and in what order, may be changed as appropriate according to the required level of security or the user's proficiency.
Applying the selection sequence of Fig. 4 to the example of Fig. 3A extracts "bp", "pp", "js" and "ld". Concatenating them gives "bpppjsld". If there is no additional element 305, "bpppjsld" becomes the password for the resource server 161 identified by the server ID 303. In the example of Fig. 3A the additional element 305 "#X5" is present, so the password becomes "bpppjsld#X5", that is, "bpppjsld" followed by the additional element.
In the example of Fig. 3A, each element of table 301 contains a string of lowercase letters. Depending on the policy of the resource server 161, however, passwords consisting only of lowercase letters may be prohibited.
The additional element 305 exists to satisfy restrictions on the character types that may be used in a password. For example, for a resource server 161 whose policy requires uppercase letters, lowercase letters, digits and symbols, the requirement can be met by preparing uppercase letters, digits and symbols as the additional element 305. As noted above, the additional element 305 may also be left unused.
Applying the selection sequence of Fig. 4 to the example of Fig. 3B gives the password "ちたごわ". If the resource server 161 accepts hiragana in passwords, this character string can be entered directly as the password, but the character types usable in a password are often restricted to the letters, digits and symbols representable as ASCII codes 32-126. In that case the password "titagowa" is obtained by arranging the romanizations attached to the elements. Further, since this figure also contains the additional element 305 "#X5", the password becomes "titagowa#X5".
The elements of table 301 are not limited to strings of lowercase letters; any information may be used, such as uppercase letters, lowercase letters, digits and symbols.
In this embodiment, to make it easy for the user to remember his or her selection sequence, guide characters are assigned without repetition to the element positions in a manner common to all tables 301 managed by the reminder terminal 121. The guide characters may be omitted. In the examples of Figs. 3A and 3B, the guide characters are shown in small uppercase letters in the upper right corner of each element.
The guide characters may always be shown when table 301 is displayed, or shown only on the user's instruction. For example, when the user gives an instruction by shaking the reminder terminal 121, the guide characters are displayed for several seconds to several tens of seconds.
In the examples of Figs. 3A and 3B, uppercase letters are assigned without repetition to the 25 elements of the 5 by 5 table. The elements at row 4, column 2; row 5, column 3; row 4, column 4; and row 3, column 5 are assigned "D", "I", "C" and "E" respectively, so the user can at first memorize his or her selection sequence through the English word "DICE". Once the selection sequence has been learned well enough, the user can trace the elements of table 301 in his or her selection sequence by looking at table 301 alone, without the guide characters being displayed.
The guide character string obtained by arranging the guide characters assigned to the user's selection sequence is preferably one that is reasonably easy to remember. For example, when the user starts using the reminder terminal 121, the reminder terminal 121 presents a blank table and has the user select elements according to the selection sequence the user has decided on. The reminder terminal 121 then chooses from a dictionary, or lets the user decide, a word whose length equals the number of selected elements, and assigns the characters of that word, in order, to the elements extracted by the selection sequence. The remaining elements are assigned other characters at random, without repetition.
From the security standpoint, passwords should differ for each resource server and preferably should not be strings found in a dictionary, but it is difficult for a user to remember a large number of such passwords. Therefore, as described above, in this mode the user memorizes his or her own selection sequence instead.
When the table 301 for a resource server 161 is displayed on the screen, the user looks at it, extracts elements according to the selection sequence assigned to the user, arranges the contents of the extracted elements and appends the additional element 305 as appropriate, thereby obtaining the password. Since every element of table 301 is random, the resulting password is a random character string, which is preferable for security.
In this mode, the password of each resource server 161 is divided among the elements that the user's selection sequence picks from table 301 and, where needed, the additional element 305. That is, the reminder terminal 121 stores random secret information scrambled among other random dummy information. Merely glancing at the table 301 shown on the screen of the reminder terminal 121 therefore does not reveal the password, and random passwords can be managed safely.
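The derivation just described, as an added example that is not part of the patent: a table 301, the Fig. 4 selection sequence, the additional element 305 and the guide-character assignment ("DICE") are implemented in Python. The tables are constructed; only the four cells on the selection path carry the values the text quotes for Figs. 3A and 3B, every other cell is made-up filler.

```python
"""Added example (not the patent's code): deriving a password from a
reminder-terminal table 301, a selection sequence (Fig. 4) and an
additional element 305, plus the guide-character assignment ("DICE")."""
import random
import string

# Fig. 4 selection sequence, 1-indexed (row, column) as the text gives it.
SELECTION_SEQUENCE = [(4, 2), (5, 3), (4, 4), (3, 5)]
ADDITIONAL_ELEMENT = "#X5"          # additional element 305 of Figs. 3A/3B


def generate_table(rows=5, cols=5, element_len=2, rng=None):
    """Fig. 3A style table: every element is a random lowercase string."""
    rng = rng or random.SystemRandom()
    return [[''.join(rng.choice(string.ascii_lowercase) for _ in range(element_len))
             for _ in range(cols)] for _ in range(rows)]


def derive_password(table, sequence, additional=None, ascii_only=False):
    """Concatenate the elements picked by `sequence`, then append the
    additional element.  Elements are plain strings (Fig. 3A) or
    (kana, romanization) pairs (Fig. 3B); with ascii_only the romanization
    is used, matching the ASCII 32-126 password policy the text mentions."""
    parts = []
    for row, col in sequence:
        element = table[row - 1][col - 1]
        if isinstance(element, tuple):
            element = element[1] if ascii_only else element[0]
        parts.append(element)
    return ''.join(parts) + (additional or '')


def assign_guide_characters(sequence, word, rows=5, cols=5, rng=None):
    """Guide characters: the letters of `word` go, in order, onto the cells
    of the selection sequence; all other cells get distinct random uppercase
    letters.  One assignment is reused for every table on the terminal."""
    if len(word) != len(sequence):
        raise ValueError("word length must equal the number of selected elements")
    if rows * cols > len(string.ascii_uppercase):
        raise ValueError("not enough distinct guide characters for this grid")
    rng = rng or random.SystemRandom()
    word = word.upper()
    spare = [c for c in string.ascii_uppercase if c not in word]
    rng.shuffle(spare)
    grid = [[None] * cols for _ in range(rows)]
    for (row, col), ch in zip(sequence, word):
        grid[row - 1][col - 1] = ch
    for r in range(rows):
        for c in range(cols):
            if grid[r][c] is None:
                grid[r][c] = spare.pop()
    return grid


def read_guide_string(grid, sequence):
    """The word the user memorizes: guide characters read along the sequence."""
    return ''.join(grid[r - 1][c - 1] for r, c in sequence)


# Constructed tables.  The cells on the selection path hold the values the
# text quotes for Figs. 3A and 3B; every other cell is filler.
FIG_3A_TABLE = generate_table(rng=random.Random(2014))
for (row, col), value in zip(SELECTION_SEQUENCE, ["bp", "pp", "js", "ld"]):
    FIG_3A_TABLE[row - 1][col - 1] = value

KANA = [("あ", "a"), ("い", "i"), ("う", "u"), ("え", "e"), ("お", "o"),
        ("か", "ka"), ("き", "ki"), ("く", "ku"), ("け", "ke"), ("こ", "ko"),
        ("さ", "sa"), ("し", "si"), ("す", "su"), ("せ", "se"), ("そ", "so"),
        ("な", "na"), ("に", "ni"), ("ぬ", "nu"), ("ね", "ne"), ("の", "no"),
        ("は", "ha"), ("ひ", "hi"), ("ふ", "hu"), ("へ", "he"), ("ほ", "ho")]
FIG_3B_TABLE = [KANA[r * 5:(r + 1) * 5] for r in range(5)]
for (row, col), value in zip(SELECTION_SEQUENCE,
                             [("ち", "ti"), ("た", "ta"), ("ご", "go"), ("わ", "wa")]):
    FIG_3B_TABLE[row - 1][col - 1] = value

if __name__ == "__main__":
    print(derive_password(FIG_3A_TABLE, SELECTION_SEQUENCE))                      # bpppjsld
    print(derive_password(FIG_3A_TABLE, SELECTION_SEQUENCE, ADDITIONAL_ELEMENT))  # bpppjsld#X5
    print(derive_password(FIG_3B_TABLE, SELECTION_SEQUENCE))                      # ちたごわ
    print(derive_password(FIG_3B_TABLE, SELECTION_SEQUENCE, ADDITIONAL_ELEMENT,
                          ascii_only=True))                                       # titagowa#X5
    guide = assign_guide_characters(SELECTION_SEQUENCE, "DICE")
    print(read_guide_string(guide, SELECTION_SEQUENCE))                           # DICE
```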
In the examples of Figs. 3A and 3B there are also shown a navigation 311 for selecting the server name of a resource server 161, a navigation 312 for retrieving the history of tables, and a navigation 313 for switching the user name. By operating the navigations 311, 312 and 313 the user can switch the combination of resource server name and user name so as to display the information of another resource server 161, or retrieve the history of tables previously used at that resource server 161. Their UI (User Interface) may be changed as appropriate.
In the example of this figure, the navigations 311 and 313 are list boxes in the display fields of the server ID 303 and the user name 304; when a display field is selected, a list of the server IDs or user names registered on the reminder terminal 121 for the resource servers is displayed. The list-box navigation 311 is indicated by a black triangle when there are other candidates to choose from (server ID 303) and by a white triangle when there are none (user name 304). The user selects the desired item from the list. The navigation 312 is displayed as items indicating the periods during which tables were used; tapping or clicking an item toggles the display of the table used in that period. An expanded item shows a cross mark at its start, a closed item a white square. By tapping or dragging on the screen it can also be scrolled to view history not shown in the first view.
The transmission unit 203, an optional element, sends to external equipment a report that the table 301 has been presented to the user. With this configuration it can be made a necessary condition for a user to access a given resource server 161 that the table 301 for that resource server 161 has been presented to the user by the reminder terminal 121. In this configuration the reminder terminal 121 functions not only as a password manager but also as an authentication token.
The passwords for the individual resource servers 161 and the selection sequence assigned to the user are updated at appropriate times or at the user's request. These modes are described later.
(Exchange of information)
Fig. 5 is an explanatory diagram showing the exchange of information in the authentication system of the embodiment of the present invention. The following description refers to this figure.
When the user specifies identification information (such as a URL) of the resource server 161 in the browser or the like of the access terminal 141 (350), an access request (351) is sent from the access terminal 141 to the resource server 161.
The resource server 161 receiving the access request sends a login frame (352) to the access terminal 141 as its response to the access request.
The login frame received by the access terminal 141 is displayed (353) in the browser or the like of the access terminal 141.
Fig. 6 is an explanatory diagram showing a browser displaying the login frame of the embodiment of the present invention. The following description refers to this figure. In the browser 501 of the access terminal 141, the URL of the resource server 161 is shown in the URL bar 502 and the login frame 511 in the content area 503. A user name column 512, a password field 513 and a login button 514 are arranged in the login frame 511. A plug-in icon 521 for invoking the processing performed by an installed plug-in is also displayed in the browser 501.
Here, to obtain the password for the resource server 161, the user starts the reminder application on a portable terminal or the like. That portable terminal then begins to work as the reminder terminal 121. Based on the user's selection (354), the reminder terminal 121 presents (355) on its screen the table 301 and other items assigned to the combination of the server name of the resource server 161 and the user name.
The reminder terminal 121 then sends (356) the management server 181 a report that the table 301 and other items have been presented to the user. For this user and this resource server 161, the management server 181 sets, for the combination of resource server name and user name in the report, a validity period that includes the time the report was received. As the validity period, for example, "within 5 minutes after receipt of the report" may be used.
The user enters his or her user name in the user name column 512 of the login frame 511, then looks at the table 301 displayed on the reminder terminal 121, obtains the authentication character string according to his or her selection sequence, enters it in the password field 513 of the login frame 511, and taps or clicks the login button 514 (357).
A login request carrying the user name and password is then sent (358) from the access terminal 141 to the resource server 161.
The resource server 161 receiving the login request performs legitimacy authentication based on the user name and password and, if this succeeds, queries (359) the management server 181 whether the current time satisfies the permission condition for this user and this resource server 161.
Here, as described above, if the permission condition "the query is received by the management server within the validity period decided for the combination of resource server name and user name in the query" is used, it can be judged whether the user possesses a reminder terminal 121 acting as a security token. The management server 181 returns the answer (360) to the query to the resource server 161.
If the permission condition is satisfied, the user is judged to have permission to use the resource of the resource server 161 under that user name, the resource server 161 sends (361) an authentication success message to the access terminal 141, and the user uses (362) the resource of the resource server 161 via the access terminal 141.
When the answer indicates that the permission condition is not satisfied, or when legitimacy authentication of the user name and password has failed, the resource server 161 sends the access terminal 141 a message to the effect that the request is outside the validity period. In the former case it also asks the user to start the reminder terminal 121. The user then starts the reminder terminal 121 and retries the login from the login frame 511 displayed on the access terminal 141 (not shown).
When legitimacy authentication of the user name and password has failed, the resource server 161 sends the access terminal 141 an authentication failure message. The user must re-enter the user name or password in the login frame 511 displayed on the access terminal 141 and then retry the login (not shown).
The permission-condition query and answer may also be performed before legitimacy authentication of the user name and password at the resource server 161. When the permission condition holding is used as a pre-authentication, as described later, the system can be arranged so that the password cannot be entered on the access terminal 141 unless the pre-authentication succeeds.
In the description above, the resource server 161 asks the management server 181 whether the permission condition "the current time is contained in the validity period decided for this user and this resource server 161" holds, but the validity period itself may be asked for instead. In that case the management server 181 answers with the most recently set validity period, or that no validity period has been set recently. Alternatively, the resource server 161 may ask the management server 181 for the time of receipt of the report. The management server 181 then answers with the time of receipt of the most recent report, or that no recent report has been received, and the resource server 161 itself decides the validity period for that user.
Thus, in this mode, the reminder terminal 121 is used as a security token, but this function may also be omitted. In that case no validity period is decided or judged, and only legitimacy authentication by user name and password is performed at the resource server 161.
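The exchange of steps 356 to 361 as an added example, not code from the patent: a management server that records a validity period per (resource server name, user name) when a report arrives, and a resource server that checks the password first and then asks whether the permission condition holds. Server name, user name, password and timestamps are constructed values.

```python
"""Added example (not the patent's code): the report / validity-period /
query exchange of Fig. 5 (steps 356-360) between reminder terminal 121,
management server 181 and resource server 161, with constructed data."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

VALIDITY = timedelta(minutes=5)   # "within 5 minutes after receipt of the report"


@dataclass
class ManagementServer:
    """Keeps, per (resource server name, user name), the validity period set
    when the latest 'table 301 was presented' report arrived (step 356)."""
    validity: timedelta = VALIDITY
    periods: dict = field(default_factory=dict)

    def receive_report(self, server_name, user_name, received_at):
        # The period contains the reception time and is very short.
        self.periods[(server_name, user_name)] = (received_at, received_at + self.validity)

    def permission_condition_holds(self, server_name, user_name, queried_at):
        # Steps 359/360: "the query is received inside the validity period
        # set for this server name / user name combination".
        period = self.periods.get((server_name, user_name))
        return period is not None and period[0] <= queried_at < period[1]

    def latest_period(self, server_name, user_name):
        """Variant named in the text: answer the period itself (or None) and
        leave the decision to the resource server."""
        return self.periods.get((server_name, user_name))


@dataclass
class ResourceServer:
    name: str
    management: ManagementServer
    credentials: dict = field(default_factory=dict)   # user name -> (salt, hash)

    @staticmethod
    def _digest(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def register(self, user_name, password):
        salt = os.urandom(16)
        self.credentials[user_name] = (salt, self._digest(salt, password))

    def login(self, user_name, password, now):
        """Steps 358-361: legitimacy check first, then the permission query.
        The returned string is the message sent to the access terminal 141."""
        entry = self.credentials.get(user_name)
        if entry is None or not hmac.compare_digest(entry[1], self._digest(entry[0], password)):
            return "authentication failed"
        if not self.management.permission_condition_holds(self.name, user_name, now):
            return "outside validity period"   # user is asked to start the reminder terminal
        return "authentication succeeded"


def run_scenario():
    """Constructed walk-through for user john2014 at resource server xxx.yyy.com."""
    ms = ManagementServer()
    rs = ResourceServer("xxx.yyy.com", ms)
    rs.register("john2014", "bpppjsld#X5")              # password of Fig. 3A / Fig. 4
    t0 = datetime(2015, 1, 1, 12, 0, tzinfo=timezone.utc)
    out = {}
    out["no report yet"] = rs.login("john2014", "bpppjsld#X5", t0)
    ms.receive_report("xxx.yyy.com", "john2014", t0)     # step 356: table shown at t0
    out["2 min later"] = rs.login("john2014", "bpppjsld#X5", t0 + timedelta(minutes=2))
    out["wrong password"] = rs.login("john2014", "bpppjsld", t0 + timedelta(minutes=2))
    out["6 min later"] = rs.login("john2014", "bpppjsld#X5", t0 + timedelta(minutes=6))
    # A report about a different server name does not open the window here.
    ms.receive_report("other.example", "john2014", t0 + timedelta(minutes=7))
    out["other server reported"] = rs.login("john2014", "bpppjsld#X5", t0 + timedelta(minutes=8))
    return out


if __name__ == "__main__":
    for case, message in run_scenario().items():
        print(f"{case:>22}: {message}")
```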
(Use of scripts)
In addition, a script produced with the asynchronous XML communication technique AJAX, based on JavaScript (registered trademark) or the like, may be used in the login frame 511 displayed in the browser 501 of the access terminal 141, configured as follows.
That is,
(1) Each time a character is entered in the user name column 512, the script on the access terminal 141 queries the resource server 161 or the management server 181 whether the current time lies within the validity period set for the user whose user name is the character string entered so far in the user name column 512.
(2) The query destination answers the query from the access terminal 141. If the destination is the resource server 161, the resource server 161 in turn queries the management server 181 for the validity period as appropriate and answers the access terminal 141 on the basis of the result.
(3a) If within the validity period, the script sets the password field 513 to an editable and visible state.
(3b) If outside the validity period, the script sets the password field 513 to a non-editable or invisible state.
(4) The script keeps the login button 514 inoperable or invisible until a character string has been entered in the password field 513, and once one has been entered sets the login button 514 operable and visible.
In this mode the user cannot enter a password unless the reminder terminal 121 has been started, so unauthorized access by third parties can be effectively suppressed.
(Automatic start of the reminder terminal)
In the description above, the user who accesses the resource server 161 starts the reminder terminal 121 himself or herself, but by using a plug-in of the browser 501 running on the access terminal 141 together with the notification reception function of the portable terminal or the like, the reminder terminal 121 can be started simply.
That is, the plug-in of the browser 501 monitors whether the content at the displayed URL contains a field for entering hidden characters. Such a field can be recognized, for example, by whether the content contains an element expressed by the HTML (HyperText Markup Language) <input type="password"> tag.
If the content contains such a field, the plug-in, either automatically or triggered by the user clicking the plug-in icon 521 or the like, performs processing to send a notification to the portable terminal that realizes the reminder terminal 121. Typically the following is done.
The plug-in sends, to a notification server provided by the supplier of the OS (Operating System) of the portable terminal or the like, a request specifying the destination user of the notification, the destination application and the notification content. Alternatively, the plug-in may issue the request to the management server 181, and the management server 181 receiving it contacts the notification server. The information identifying the destination user bound to the portable terminal is set by the user when the plug-in is installed.
The notification server receiving the request identifies the portable terminal or the like of the destination user specified in the request and notifies the specified application on that terminal of the specified notification content.
The portable terminal receiving the notification displays the notification content as a pop-up or collected in a notification center or the like. When the user selects the notification content by tapping or the like, the notified application starts and begins the processing corresponding to the content.
The notification content includes the URL of the content displayed in the browser. Therefore, if a table 301 bound to a server ID that matches this URL is registered, the reminder terminal 121 presents it to the user. Most simply, the URL is judged to match when the domain name in the URL coincides with the domain name used as the server ID, but the match may also be decided by whether the whole URL coincides, whether the part of the URL excluding optional parameters coincides, and so on.
If nothing is registered, the reminder terminal 121 may display a warning that nothing is registered, and may ask the user to register a table 301 for that resource server 161. The processing for requesting registration is described later.
When combined with the modes described above, whenever a login frame 511 for a desired resource server 161 is displayed in the browser, the table 301 for that resource server 161 is displayed on the reminder terminal 121, automatically or manually. When the reminder terminal 121 fails to display a table 301 because the resource server 161 is not registered, the user learns of this and cannot enter anything in the password field 513 or operate the login button 514. Logging in to a spoofed website, for example, can therefore be effectively suppressed.
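The URL-to-server-ID match that decides whether a table 301 exists for the displayed page, as an added example rather than the patent's code: the three rules the text names (domain name, whole URL, URL without optional parameters) are implemented, and a lookup returns nothing for an unregistered or look-alike host, which is the warning case above. Registry entries and URLs are constructed.

```python
"""Added example (not the patent's code): deciding whether the URL shown in
the browser 501 matches a registered server ID 303, with the three match
rules the text names, and looking up the table 301 registered for it."""
from urllib.parse import urlsplit


def _host(value):
    """Host name of a URL or of a bare host[:port] string, lowercased,
    without a trailing dot.  urlsplit().hostname discards any userinfo, so
    'https://xxx.yyy.com@evil.example/' yields 'evil.example'."""
    if "://" not in value:
        value = "//" + value              # lets urlsplit parse a bare host
    host = urlsplit(value).hostname or ""
    return host.rstrip(".").lower()


def url_matches_server_id(url, server_id, rule="domain"):
    """rule='domain':   the URL's host name equals the server ID's host name.
    rule='exact':    the whole URL equals the server ID (then itself a URL).
    rule='no-query': URL and server ID agree once query string and fragment
                     (the 'optional parameters') are dropped."""
    if rule == "domain":
        return _host(url) == _host(server_id) != ""
    if rule == "exact":
        return url == server_id
    if rule == "no-query":
        u, s = urlsplit(url), urlsplit(server_id)
        return (u.scheme.lower(), u.netloc.lower(), u.path) == \
               (s.scheme.lower(), s.netloc.lower(), s.path)
    raise ValueError(f"unknown match rule: {rule!r}")


def find_tables(registered, url, rule="domain"):
    """All (server ID, user name, table) entries whose server ID matches the
    URL.  An empty list is the 'not registered' case: the reminder terminal
    shows a warning and the password field stays unusable."""
    return [(sid, user, table) for (sid, user), table in registered.items()
            if url_matches_server_id(url, sid, rule)]


# Constructed registry: (server ID 303, user name 304) -> table 301.
REGISTERED = {
    ("xxx.yyy.com", "john2014"): [["bp", "qx"], ["js", "ld"]],
    ("https://bank.example/login", "john2014"): [["aa", "bb"], ["cc", "dd"]],
}

if __name__ == "__main__":
    for url in ["https://xxx.yyy.com/login?next=/home",
                "https://XXX.yyy.com:443/",
                "https://xxx.yyy.com.evil.example/login",
                "https://xxx.yyy.com@evil.example/",
                "https://evil.example/xxx.yyy.com"]:
        hits = find_tables(REGISTERED, url)
        print(f"{url:45} -> {'table found' if hits else 'not registered'}")
```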
As described later, when a table 301 containing the current password for a resource server 161 has already been registered in the reminder terminal 121, and the user has performed the operation of updating the password at the resource server 161 and starting to manage it in the reminder terminal 121, the reminder terminal 121 reports this fact, and input to the password field 513 and operation of the login button 514 become possible.
Instead of going through a notification server, the notification to the portable terminal may also use the short-range communication described below. That is, the plug-in of the browser 501 running on the access terminal 141 communicates with the portable terminal over short-range communication, gives it the trigger to start the program where necessary, and causes the portable terminal to work as the reminder terminal 121.
(Password Input based on short-range communication)
If using reminding terminal 121 and access terminal 141 this case that short-range communication also can be configured to use Family does not pass through manual working input authentication character string, and only selects element in order from the table prompted prompting terminal 121, It is shown in the 513 input authentication character string of user name column 512 and password field of the login frame 511 of access terminal 141.
Firstly, plug-in unit is acted in access terminal 141.The plug-in unit be to browser provide extension function program or Monitor the resident program of the movement of browser.
Plug-in unit monitors access eventually always, intermittently or based on the instruction of the user of the click of plug-in unit icon 521 etc. operation Whether there is the prompting terminal 121 that can carry out short-range communication near end 141.It is being provided here, short-range communication can use Distance in establish wired connection or wireless connection.For example, being wirelessly connected 141 He of access terminal in same WIFI access point The case where reminding terminal 121, access terminal 141 and prompting terminal 121 can be wireless by Bluetooth (registered trademark) or NFC When the case where communication, access terminal 141 and prompting terminal 121 are by direct wired connections such as USB cables, establish close Distance communication.
It reminds terminal 121 when to user's prompt table, which is sent to the access terminal 141 for establishing short-range communication Report.
Receive the login frame 511 shown on the browser of the plug-in unit judgement access terminal 141 of the access terminal 141 of report URL whether matched with the Resource Server name of report, and by its result be sent to remind terminal 121.In turn, access terminal 141 plug-in unit is matched, by the user name column 512 of the user name input login frame 511 of report.
Remind terminal 121 based on receiving from access terminal 141 as a result, if showing on the browser of access terminal 141 The table of the login frame 511 shown by remind terminal 121 be prompted to user, then user carry out selecting every time the table each element or When operation (such as click or the operation of the element of clicks table etc.) of additional element 305, all will include in the element of the selection Character string is sent to access terminal 141.
The plug-in unit of access terminal 141 will input the password field 513 of login frame 511 from the character string for reminding terminal 121 to send. Therefore, terminal 121 is reminded to work as the special keyboard for access terminal 141.
If selecting to complete based on the element that the selecting sequence of oneself carries out, user passes through the login of access terminal 141 Frame 511 operates login button 514.
In which, user needs not go through table and extracts random character string, and does not need to the close of login frame 511 Code column 513 directly inputs certification character string.Therefore, terminal 121 and access terminal 141 is being reminded to establish short-range communication Period, as long as the button or label of each element of display selectively actuatable table 301 and additional element 305, do not need Show the character string for including in these elements.In this case, in order to be easy the position of the grid of each element of confirmation form 301, It can show guidance character, also can be omitted the display of guidance character.
In order for reminder terminal 121 to display the character strings contained in the elements of table 301 and in additional element 305, a separate auxiliary authentication prepared on reminder terminal 121 may also be required (for example, authentication by the personal identification number installed in the OS of the mobile phone constituting reminder terminal 121, fingerprint authentication, or the like).
Alternatively, table 301 may be displayed while reminder terminal 121 has short-range communication established with the plug-in of access terminal 141, and once short-range communication is cut, table 301 is not displayed unless the auxiliary authentication of reminder terminal 121 succeeds.
In these modes, even if reminder terminal 121 is stolen, it is difficult to peek at the table itself.
Furthermore, in the mode in which reminder terminal 121 works as a dedicated keyboard through short-range communication between access terminal 141 and reminder terminal 121, management server 181 can be omitted from authentication system 101.
As described above, according to these modes, a large number of random passwords that are hard for a person to remember can be managed safely by reminder terminal 121.
In addition, if the fact that the password has been divided, mixed into a table embedded with other elements, and presented to the user on reminder terminal 121 is used as a requirement of the prior authentication that precedes the test of the password itself, brute-force attacks on the password can be suppressed effectively.
Further, because password input and the like cannot be performed until reminder terminal 121 presents the table to the user, the user can confirm that reminder terminal 121 is working as an authentication token.
In addition, by combining the plug-in of the browser of access terminal 141 or the like with reminder terminal 121, damage caused by spoofed URLs and the like can be prevented effectively.
(variation)
In the method above, the access request is sent from access terminal 141 to resource server 161, login frame 511 is sent from resource server 161 to access terminal 141, and the user enters the password into access terminal 141. However, the password may also be entered on an authentication terminal other than access terminal 141. The authentication terminal may be the same device as reminder terminal 121 or a different device.
For example, when an access request is sent from access terminal 141 to resource server 161, resource server 161 identifies the authentication terminal (a smartphone or the like) assigned in advance to the user name specified in the access request, and sends a notification to the application running on that authentication terminal. Meanwhile, the browser of access terminal 141 displays a screen indicating that authentication is pending.
When the user reacts to the notification on the authentication terminal, the application starts on the authentication terminal and displays login frame 511. When the user enters the password and the like into login frame 511 on the authentication terminal, this information is sent to resource server 161 and login authentication is performed. If authentication succeeds, the browser of access terminal 141 moves from the pending-authentication screen to the access screen. The user can then use the resources of resource server 161 via access terminal 141.
As described above, in this mode the authentication terminal and reminder terminal 121 can be realized in the same terminal. That is, if the notification about the access request is sent to reminder terminal 121, the table 301 corresponding to the user name registered with resource server 161 and to that resource server 161 is shown on the screen together with an input field for the password.
The user enters the password into the input field while viewing table 301 on reminder terminal 121. When input is complete, the user name and password are sent from reminder terminal 121 to resource server 161. If authentication at resource server 161 succeeds, the user can use the resources of resource server 161 via access terminal 141.
When a browser plug-in is used, the following mode is also possible. That is, at the stage where access terminal 141 displays login frame 511, the plug-in starts and sends a notification to reminder terminal 121.
When the user reacts to the notification, the table 301 corresponding to the user name registered with resource server 161 and to that resource server 161 is shown on the screen of reminder terminal 121 together with an input field for the password.
The user enters the password into the input field while viewing table 301. When input is complete, the user name and password are sent to the browser plug-in of access terminal 141.
The browser plug-in enters the received user name and password into login frame 511 and activates login button 514 (this may also be done by user operation). A login request is then sent from access terminal 141 to resource server 161. The rest is the same as described above.
In this mode, even for a resource server 161 whose service is not provided on the premise that reminder terminal 121 or management server 181 exists, password management using reminder terminal 121 can be performed merely by installing the browser plug-in on access terminal 141.
In addition, a mode in which resource server 161 entrusts the authentication of the user name and password to management server 181 may also be used. In this case, the user name and password are sent to management server 181 as appropriate, and resource server 161 inquires of management server 181 whether authentication succeeded or failed.
(utilizing existing password)
In the description above, each element of table 301 registered in reminder terminal 121 is premised on being generated at random. However, a password already registered with an existing resource server 161 can be registered in reminder terminal 121 without changing it, for example by the following steps.
That is,
(1) Reminder terminal 121 presents a blank table to the user.
(2) The user divides the password of the existing resource server 161 and writes the parts manually into the blank table according to his or her own selection order.
(3) When the writing of the divided password is complete, reminder terminal 121 embeds randomly generated character strings in the other elements.
(4) The completed table is stored in storage unit 201 of reminder terminal 121 in association with the server ID of the existing resource server 161.
By these steps, even for a resource server 161 for which a password has already been set, management of that password can be entrusted to reminder terminal 121 without changing the password. In this mode, by omitting the authentication through the permission condition via management server 181, any resource server 161 can be supported.
In addition, reminder terminal 121 may check whether the table is sufficiently random. If the randomness is low, it is desirable to prompt the user to change the password. Further, at the stage where the user has finished writing the divided password, the written elements may be compared with the elements at the same positions in the other tables already registered in reminder terminal 121; if there is a duplicate, the existing password is not used as is, and the user is preferably prompted to change the password.
(registration of password updates)
First, when reminder terminal 121 starts managing the password of a resource server 161, a table must be newly generated for the combination of the resource server name of that resource server 161 and the user name, and the registration character string obtained from that table must be registered in resource server 161 as the password.
In addition, once reminder terminal 121 has started managing the password of resource server 161, it is desirable to change the password periodically. Currently, a countermeasure is used in which, when a certain period (for example, 90 days) has passed since the password was last updated, the user is warned at login to the server to change the password; but when changing the password there is the trouble of having to think of a new password again.
Therefore, in this mode, reminder terminal 121 assists the registration and update of passwords.
That is, table generating unit 204 of reminder terminal 121 generates a new table when a combination of resource server name and user name is newly registered, or when, after the table has been registered and stored in storage unit 201, the update period corresponding to that combination has elapsed.
The update period is typically a fixed period from the generation of the previous table, but it may also be set according to, for example, the frequency with which the table is consulted.
In the new table, too, the information contained in each element is generated at random. The additional element may be specified by the user, may be generated at random with the same character types as the table currently in use, or the current additional element may continue to be used.
Elements are extracted according to the selection order assigned to the user, the additional element is added as needed, and the registration character string for that resource server 161 is obtained.
Then, in the case of new registration, password registration unit 205 presents the generated table; in the case of update registration, password registration unit 205 presents both the current table and the new table for that resource server 161, and prompts the user to newly register or update the password in resource server 161.
Fig. 7 is an explanatory diagram showing the table displayed for updating a password according to an embodiment of the present invention. The description below refers to this figure.
When updating the password of resource server 161, both the currently used password and the new password are often requested. Reminder terminal 121 is therefore preferably configured so that the history of the table for each resource server 161 can be read. If the old and new tables can be read at the same time when updating the password, the user's trouble is reduced.
This figure shows a display example on the reminder terminal for updating the password based on the table shown in Fig. 3A: in each element of table 301 and in additional element 305, the current element is shown in the upper part and the new element in the lower part.
In the case of new registration there is no "current element", so only the new element is shown.
When the user has manually completed the new registration or update registration of the password in resource server 161 and clicks or taps complete button 321, table registration unit 206 stores the new table in storage unit 201 in correspondence with that resource server 161. In the case of update registration, the previous table is stored as history information. At this point, the information on the tables managed by reminder terminal 121 may also be encrypted and backed up to management server 181. If the user clicks or taps cancel button 322, the update is cancelled.
In the description above, the user updates the password manually. However, if the user's selection order is itself managed by reminder terminal 121 or management server 181, reminder terminal 121 or management server 181 may access resource server 161 as needed and update the password automatically and periodically.
In addition, when updating the password, the following manner may be used: reminder terminal 121 has the user tap the table 301 shown in Fig. 7 according to the user's selection order, thereby obtains both the new and the old password, and then accesses resource server 161 with the obtained old and new passwords to update the password automatically.
In this case, since the selection order or the old and new passwords are temporarily stored in the RAM (Random Access Memory) of reminder terminal 121, it is desirable to delete this information after the password has been updated.
According to this method, random character strings that do not appear in any dictionary can be used as the passwords of resource servers 161, and the passwords can easily be updated regularly.
(update of selecting sequence)
According to the present embodiment, not only can the password of each resource server be updated individually, but the selection order assigned to the user can also be updated. This corresponds to updating the master password described in the prior art.
First, when the user wants to update the selection order, reminder terminal 121 generates a new guidance character string for the user. In the example above, table 301 consists of 5 rows and 5 columns, and one uppercase guidance character is assigned to each element. In the present embodiment, a selection order that selects four elements from table 301 in sequence is used. Therefore, the new guidance character string for the user consists of 4 uppercase characters and is generated so that no character is repeated.
It is preferable to change the guidance character string each time the selection order is updated. For example, the guidance character string may be generated at random. A dictionary or the like may also be used so that a spelling that is easy to remember is adopted. For example, a word spelled with 4 characters (such as "SNOW" or "MAZE") may be used, or the prefix of a word of 5 or more characters (such as the prefix "TABL" of "TABLE" or the prefix "SCHO" of "SCHOOL").
Further, several such easy-to-remember spelling candidates may be presented to the user at random, and the user selects one of them. Besides this, there is also a method in which the user creates the guidance character string each time the selection order is updated. Below, for ease of understanding, the case where "SCHO" is generated as the new guidance character string is described.
Then, receiving unit 207 of reminder terminal 121 presents to the user a tentative table with the same number of rows and columns as the tables that reminder terminal 121 manages for each resource server 161. Fig. 8A is an explanatory diagram showing the user selecting the currently used selection order. The description below refers to this figure.
In the example shown in this figure, tentative table 551 consists of 5 rows and 5 columns, and each element shows, for the user's reference, the same information as the corresponding element of the table of the resource server 161 used last.
As shown in this figure, receiving unit 207 of reminder terminal 121 requests the user to click or tap the elements of tentative table 551 in the selection order assigned to that user. Below, the case where the user's currently used selection order is the one shown in Fig. 4 (row 4 column 2, row 5 column 3, row 4 column 4, row 3 column 5) is described.
Fig. 8B is an explanatory diagram showing the user selecting the currently used selection order. As shown in this figure, when the user selects the first element (row 4, column 2) in tentative table 551, the first character "S" of the newly generated guidance character string is appended to the guidance character in that element.
Fig. 8C is an explanatory diagram showing the user selecting the currently used selection order. As shown in this figure, when the second element (row 5, column 3) is selected in tentative table 551, the second character "C" of the newly generated guidance character string is appended to the guidance character in that element.
Fig. 8D is an explanatory diagram showing the user selecting the currently used selection order. As shown in this figure, when the third element (row 4, column 4) is selected in tentative table 551, the third character "H" of the newly generated guidance character string is appended to the guidance character in that element.
Fig. 8E is an explanatory diagram showing the user selecting the currently used selection order. The description below refers to these figures. As shown in this figure, when the fourth element (row 3, column 5) is selected in tentative table 551, the fourth character "O" of the newly generated guidance character string is appended to the guidance character in that element.
In this way, when the elements of tentative table 551 are selected according to the current selection order, the character of the newly generated guidance character string that corresponds to the position of each element in the order is shown in the selected element. The user thus learns that the new guidance character string prepared for the new selection order is "SCHO".
When input of the current selection order is complete and the user clicks or taps forward button 552, receiving unit 207 presents to the user a migration table with the same number of rows and columns as tentative table 551. Fig. 9A is an explanatory diagram showing the user selecting the new selection order. As shown in this figure, receiving unit 207 displays migration table 561 on the screen of reminder terminal 121.
Migration table 561 is a blank table of 5 rows and 5 columns, and reminder terminal 121 requests the user to click or tap the elements of migration table 561 in the selection order the user will newly use.
Fig. 9B is an explanatory diagram showing the first step of the user selecting the new selection order. Fig. 9C is an explanatory diagram showing the second step of the user selecting the new selection order. Fig. 9D is an explanatory diagram showing the third step of the user selecting the new selection order. Fig. 9E is an explanatory diagram showing the fourth step of the user selecting the new selection order. The description below refers to these figures.
The user first selects the element at row 1, column 1 as the first element of the new selection order. Then, as shown in Fig. 9B, the content of the element the user selected first in tentative table 551 (row 4, column 2) is transferred into the element at row 1, column 1 of migration table 561. The first character "S" of the new guidance character string is also displayed there.
Next, the user selects the element at row 2, column 2 as the second element of the new selection order. Then, as shown in Fig. 9C, the content of the element the user selected second in tentative table 551 (row 5, column 3) is transferred into the element at row 2, column 2 of migration table 561. The second character "C" of the new guidance character string is also displayed there.
Next, the user selects the element at row 5, column 5 as the third element of the new selection order. Then, as shown in Fig. 9D, the content of the element the user selected third in tentative table 551 (row 4, column 4) is transferred into the element at row 5, column 5 of migration table 561. The third character "H" of the new guidance character string is also displayed there.
Finally, the user selects the element at row 3, column 5 as the fourth element of the new selection order. Then, as shown in Fig. 9E, the content of the element the user selected last in tentative table 551 (row 3, column 5) is transferred into the element at row 3, column 5 of migration table 561. The last character "O" of the new guidance character string is also displayed there.
In this example, the position of the fourth element of the selection order does not change, whereas the positions of the first to third elements do. Thus, when the selection order is updated, only part of it may be changed, or all of it may be changed.
In this way, when the elements of migration table 561 are selected in the new selection order, the password that was referred to last is displayed step by step in migration table 561, and the new guidance character string is displayed step by step as well. The user can therefore confirm that the current selection order was entered without error, and can confirm the new guidance character string that serves as an aid for memorizing the new selection order.
Thereafter, reminder terminal 121 asks the user whether the selection order may be updated. If the user wants the selection order updated, the user selects update button 562. Then, rule generating unit 208 of reminder terminal 121 generates a table transformation rule. The transformation rule satisfies the following conditions.
(s) The contents of the elements extracted from the tentative (sample) table by the selection order the user has been using are moved to the elements extracted from the blank table by the selection order the user will newly use.
(t) The contents of the elements other than those extracted by the previously assigned selection order are moved to elements other than those extracted by the newly assigned selection order.
Rule (s) is based on the user's instruction. In the example above, according to rule (s), the elements move as follows:
row 4 column 2 → row 1 column 1;
row 5 column 3 → row 2 column 2;
row 4 column 4 → row 5 column 5;
row 3 column 5 → row 3 column 5.
Rule (t) moves the remaining elements (the elements not contained in the user's current selection order) at random.
Full update unit 209 of reminder terminal 121 updates, by the generated transformation rule, the tables stored in association with each resource server. That is, the tables for all combinations of server name and user name of the registered resource servers, including the tables contained in past history, are updated together by the common transformation rule. After all tables have been updated, the updated information is backed up to management server 181.
According to this method, the user's selection order can be updated easily.
In addition, the letter or hiragana character in the corner of each cell may be shown in a small size for a certain period, and the corner display may be made gradually harder to see as the number of times the table has been displayed or the time elapsed since the selection order update increases. In this way, the user can at first rely on the corner characters to obtain the password and, once accustomed, extract the password from the table according to his or her own selection order without depending on the corner characters.
Further, when the characters placed in the corners of the cells are displayed according to the selection order, they may be arranged so as to form a word or the like that is easy to remember. In this case, reminder terminal 121 selects from a dictionary or the like a word whose number of characters equals the length of the new selection order and whose characters are all mutually different, places the characters of that word in order in the corners of the elements according to the new selection order, and places in the other elements, at random and without duplication, characters that do not appear in the selected word.
Fig. 10 is an explanatory diagram showing the table updated by the new selection order. This figure shows the table of Fig. 3A after the selection order has been updated by the steps described above.
Fig. 11 is an explanatory diagram showing another table before and after the update by the new selection order. This figure shows that a table stored in the same reminder terminal 121 for another combination of resource server name and user name also has its selection order updated together by the steps described above; the table shown in this figure manages a 4-digit personal identification number.
As shown in these figures, the positions of the elements of a table before and after the update are switched by a transformation rule common to all tables. The guidance characters also change before and after the update, independently of the switching by the transformation rule; but the arrangement of the guidance characters is common among the tables before the update, and likewise common among the tables after the update. That is, for the table of any resource server 161, which guidance character appears at which position is the same.
For example, from the table shown in Fig. 3A before the update of the selection rule, the password "bpppjsld#X5" is obtained based on the guidance characters "DICE"; from the table shown in Fig. 10 after the update of the selection rule, the same password "bpppjsld#X5" is obtained based on the guidance characters "SCHO".
Likewise, for the combination of server name "www.zzz.com" and user name "paul" of the resource server 161 shown in Fig. 11, which has no additional element, the 4-digit personal identification number "6441" is obtained based on the guidance characters "DICE" before the update, and the same personal identification number "6441" is obtained based on the guidance characters "SCHO" after the update.
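The transformation rule (s)/(t) and the full update of all stored tables, written out as an added example that is not the patent's own code: the cell contents, the seeded random generator, the function names and the server/user labels are constructed assumptions, while the two selection orders and the guidance words "DICE"/"SCHO" come from the text. It also checks the invariance just described: the password extracted from the old table by the old order equals the one extracted from the transformed table by the new order, and this holds for every table moved by the same rule.

```python
"""Selection-order update for grid password tables (added example).
Positions are 1-indexed (row, column) as in the description; the 5x5 size,
cell strings and RNG seed are constructed for illustration."""
import random
import string

ROWS, COLS = 5, 5

# Selection orders taken from the text (guidance "DICE" before, "SCHO" after).
OLD_ORDER = [(4, 2), (5, 3), (4, 4), (3, 5)]
NEW_ORDER = [(1, 1), (2, 2), (5, 5), (3, 5)]


def all_positions(rows=ROWS, cols=COLS):
    """Every cell position in row-major order."""
    return [(r, c) for r in range(1, rows + 1) for c in range(1, cols + 1)]


def random_table(rng, rows=ROWS, cols=COLS, length=2, alphabet=None):
    """Constructed sample table: each element holds a short random string."""
    alphabet = alphabet or (string.ascii_letters + string.digits + "#$%&")
    return {p: "".join(rng.choice(alphabet) for _ in range(length))
            for p in all_positions(rows, cols)}


def build_rule(old_order, new_order, rng, rows=ROWS, cols=COLS):
    """Return a position -> position map satisfying the two conditions:
    (s) the cell picked i-th under the old order moves to the cell picked
        i-th under the new order (the user's instruction);
    (t) every other cell moves to a randomly chosen other cell.
    Together they form a permutation of the whole grid."""
    if len(old_order) != len(new_order):
        raise ValueError("old and new selection orders must have equal length")
    if len(set(old_order)) != len(old_order) or len(set(new_order)) != len(new_order):
        raise ValueError("a selection order must not repeat a position")
    rule = dict(zip(old_order, new_order))                         # condition (s)
    rest_src = [p for p in all_positions(rows, cols) if p not in old_order]
    rest_dst = [p for p in all_positions(rows, cols) if p not in new_order]
    rng.shuffle(rest_dst)
    rule.update(zip(rest_src, rest_dst))                           # condition (t)
    return rule


def apply_rule(table, rule):
    """Move each cell's content to its new position; contents are unchanged."""
    return {rule[p]: content for p, content in table.items()}


def extract(table, order, additional=""):
    """Password = cell strings read in selection order, then the additional element."""
    return "".join(table[p] for p in order) + additional


def guidance_layout(order, word, rng, rows=ROWS, cols=COLS):
    """Corner characters after the update: the word's letters on the cells of the
    new order, distinct letters not in the word everywhere else."""
    if len(word) != len(order) or len(set(word)) != len(word):
        raise ValueError("guidance word needs one distinct letter per step")
    layout = dict(zip(order, word))
    others = [ch for ch in string.ascii_uppercase if ch not in word]
    rng.shuffle(others)
    for p in all_positions(rows, cols):
        if p not in layout:
            layout[p] = others.pop()
    return layout


def update_all(tables, old_order, new_order, rng):
    """Full update: one common rule applied to every stored table (all servers,
    history included), so every table keeps yielding its old password."""
    rule = build_rule(old_order, new_order, rng)
    return rule, {name: apply_rule(t, rule) for name, t in tables.items()}


def demo(seed=7):
    """Constructed run: an 11-character password table and a 4-digit PIN table."""
    rng = random.Random(seed)
    tables = {
        "www.xxx.com|alice": random_table(rng),                            # constructed
        "www.zzz.com|paul": random_table(rng, length=1, alphabet=string.digits),
    }
    rule, new_tables = update_all(tables, OLD_ORDER, NEW_ORDER, rng)
    return {"rule": rule, "old": tables, "new": new_tables,
            "guidance": guidance_layout(NEW_ORDER, "SCHO", rng)}


if __name__ == "__main__":
    d = demo()
    for name in d["old"]:
        print(name, extract(d["old"][name], OLD_ORDER), "->",
              extract(d["new"][name], NEW_ORDER))
```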
In addition, if the guidance character string for the selection order is configured to be held by reminder terminal 121 only temporarily while the selection order is being updated and to be erased from memory afterwards, the selection order does not leak immediately even if reminder terminal 121 is stolen.
In this mode, while the user is not yet accustomed to the new selection order, the user may rely on the characters in the corners of the cells to obtain the password. When it is judged that the user has sufficiently memorized the new selection order, for example because a certain period has passed since the update or because table 301 has been displayed a certain number of consecutive times without the guidance characters being shown, the guidance characters may be removed completely. In this case, the currently used guidance characters are not displayed when the next update of the selection order is performed. In this mode, safety can be improved further.
(dependence to other Resource Servers)
The modes described above include the following: as the prior authentication for using the resources of resource server 161, the fact that the table of that resource server 161 has been displayed on reminder terminal 121 is used; in one mode, the formal authentication based on user name and password is performed on resource server 161 on condition that the prior authentication, carried out in cooperation with management server 181, succeeded; in another, the formal authentication is performed after it has been confirmed that the permission condition is satisfied. In these modes, resource server 161 inquires of management server 181 whether the prior authentication succeeded.
An extension of these modes is described below. First, the following is assumed: before the formal authentication at resource server 161, resource server 161 inquires of management server 181 whether the prior authentication succeeded; after management server 181 has answered resource server 161 that the prior authentication succeeded, resource server 161 reports to management server 181 whether the formal authentication succeeded.
Then, as the criterion of the prior authentication at resource server X, in addition to or in combination with "the user has read the table of resource server X on reminder terminal 121", the criterion "on resource server Y, on which resource server X depends, the formal authentication succeeded, and the current time lies within the dependency period determined from the date of that success" is used. The dependency period can be determined as appropriate.
Typically, after the prior authentication of resource server X, which depends on resource server Y, succeeds, the formal authentication based on the password of resource server X is performed again, but this step may also be omitted. For example, within a prescribed short period after the formal authentication at resource server Y succeeded, the formal authentication at resource server X may be omitted.
A grade may also be set for the prior authentication. For example, within a prescribed short period after the formal authentication at resource server Y succeeded, the formal authentication succeeds merely by the user reading the table of resource server X on reminder terminal 121; but after an appropriate period has passed since the formal authentication at resource server Y succeeded, formal authentication by input of the password of resource server X or the like is requested.
The dependency period can be determined as appropriate. For example, if resource server Y is a university system on which students read notices and submit reports, and resource server X is a bulletin board system provided by an off-campus company for the students of that university, the dependency period of resource server X may run from "the time at which the student succeeded in formal authentication at resource server Y" to "the last day of the year containing that time".
The mode in which the permission condition is judged after the formal authentication and the mode in which the formal authentication is performed after the prior authentication may also be combined. In the mode in which the permission condition is judged after the formal authentication, if the formal authentication at resource server 161 fails, no inquiry is made to management server 181. It is therefore unnecessary to report the success or failure of the formal authentication from resource server 161 to management server 181.
(encryption of time synchronization)
In the mode in which reminder terminal 121 is used as a dedicated keyboard, a time-synchronized encryption scheme shared between reminder terminal 121 and resource server 161 may be used to improve security. A resource server 161 may assign a different seed to each user name it manages and perform time synchronization with a different encryption scheme per user, or all users of resource server 161 may share a time-synchronized encryption scheme based on a single seed.
That is, reminder terminal 121 and resource server 161 share a time-synchronized encryption scheme.
On reminder terminal 121, table 301 is presented to the user. At this time, the character strings contained in the elements may be displayed or hidden. When the user has selected all the cells of table 301 according to his or her own selection order and finally selects the cell of additional element 305, reminder terminal 121 concatenates the character strings contained in the selected elements and the additional element (which may be an empty string) to obtain a character string.
The concatenated character string is then encrypted by the time-synchronized encryption scheme described above and sent to access terminal 141 as the authentication character string.
Therefore, in this mode, password field 513 is not filled each time an element is selected; the concatenation and encryption of the elements of table 301 selected so far and the additional element begin only when the cell of additional element 305 is selected.
This user interface can be changed. For example, when short-range communication with access terminal 141 is possible, the following configuration can be used. That is, an object representing completion of input, such as a "send" button, is prepared on reminder terminal 121. When the user, after selecting the cells of the elements in table 301, selects the "send" button or the like, the concatenation and encryption of the elements of table 301 and the additional element are performed.
When the authentication character string is sent from reminder terminal 121 to access terminal 141, access terminal 141 enters the character string into password field 513. The subsequent processing may be the same as in the example above, or the login frame may be sent to resource server 161 immediately after input.
When resource server 161 receives the request from access terminal 141, it decrypts the authentication character string specified in the request by the time-synchronized encryption scheme.
If decryption succeeds, the decrypted character string is used as the password for authentication.
If decryption fails, authentication is attempted on the assumption that an unprocessed password was sent from access terminal 141.
Alternatively, remind terminal 121 can also be identical as above-mentioned mode, user select every time table 301 each element or When additional element, which is encrypted and is sent into access terminal 141, access terminal 141 fills each encrypted characters string sent To password field 513.
For the decryption of Resource Server 161, by the specified certification character string of the request sent from access terminal 141 Encrypted characters string is distributed to, attempts to decrypt respectively, after whole successful decryptions, they be linked, as password.
Simplest mode is added in such a way that encrypted characters string is without specific separator (such as blank) It is close, and after certification string segmentation is divided with separator, segmentation result is decrypted respectively.
As a time-synchronized encryption technique, the simplest one is as follows.
First, the reminder terminal 121 and the resource server 161 share a random-number seed that is synchronized in time. The seed is updated at regular intervals, for example every few minutes, according to a prescribed seed random-number update algorithm. However, because the clocks of the two have some error and the user's input takes time, the reminder terminal 121 uses the latest seed v at the time the table was presented, while the resource server 161 obtains the N most recent seeds u[1], u[2], ..., u[N] at the time the login request arrives. The value of N is determined by experiment, taking into account the update interval of the shared seed, the distribution of user input times, and the clock error of the various devices. Time synchronization means that there exists an integer q with 1 ≤ q ≤ N such that v = u[q].
The reminder terminal 121 and the resource server 161 also share a random-number sequence generation algorithm. This algorithm may be the same as or different from the seed random-number update algorithm above. Given a seed p, the random-number sequence g(p, 1), g(p, 2), ... can be computed by the seed random-number update algorithm.
In addition, the user selects elements of table 301 and the additional element, and the character strings contained in the selected elements are concatenated, giving a string composed of the characters s[1], s[2], ....
For the k-th character s[k] of the concatenated string, the reminder terminal 121 computes the character
e(g(v, k), s[k]).
Here, the operation e(x, y) satisfies the following relation with respect to the operation c(x, z) described later:
y = c(x, e(x, y))
For example, if both e(x, y) and c(x, z) are defined as the bitwise exclusive OR of their arguments, the relation above holds. Besides this, for example, e(x, y) = y + x and c(x, z) = z - x, i.e. addition and subtraction, can also be used. In addition, an encryption that cycles character codes within the character set accepted by the resource server 161 for passwords can be used. For example, in a resource server 161 that allows only the 26 alphabetic characters as password characters, a ROT13-style encryption can be used by setting e(x, y) = ROTx(y) and c(x, z) = ROT-x(z).
Furthermore, let the concatenated string S obtained by the user's selection be a string of M characters:
S = (s[1], s[2], ..., s[M]).
Then the encrypted string E can be expressed as follows:
E = (E[1], E[2], ..., E[M]) = (e(g(v, 1), s[1]), e(g(v, 2), s[2]), ..., e(g(v, M), s[M]))
When the resource server 161 receives the authentication character string E via the access terminal 141, the resource server computes from E the N character strings r[1], r[2], ..., r[N] (which, together with E itself, give N+1 password candidates):
r[1] = (c(g(u[1], 1), E[1]), c(g(u[1], 2), E[2]), ..., c(g(u[1], M), E[M]));
r[2] = (c(g(u[2], 1), E[1]), c(g(u[2], 2), E[2]), ..., c(g(u[2], M), E[M]));
...;
r[N] = (c(g(u[N], 1), E[1]), c(g(u[N], 2), E[2]), ..., c(g(u[N], M), E[M]));
Then password authentication is performed using each of the N strings r[1], r[2], ..., r[N] and the authentication string E as a password candidate. If password authentication succeeds with any string r[q], the legitimacy authentication based on the user name and password succeeds. If password authentication fails for every one of the N strings r[1], r[2], ..., r[N] and the authentication string E, the legitimacy authentication also fails.
In addition, the case in which password authentication succeeds with the authentication string E itself can be regarded as the case in which the user typed the authentication string E directly into password field 513 by hand. Including this method, whenever it is determined that the user entered the password by hand, security can be further improved by a two-stage authentication, for example by having the resource server 161 send an e-mail or short message to the user's pre-registered mobile phone and prompt for confirmation.
In this encryption scheme, the characters s[1], s[2], ... are obtained and encrypted one at a time, and after the last encryption is completed (the last encryption can be determined by selection of the additional element, or by selection of the "Send" button or the like), the value of k is reset to 1 and the encryption scheme is initialized.
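The time-synchronized scheme above, as an added worked example (not code from the patent or from Passlogy): it uses the ROT-based e(x, y) = ROTx(y), c(x, z) = ROT-x(z) over the 26-letter password character set, and assumes an HMAC-over-time-slot seed update and a SHA-256-based g(p, k), both of which the page leaves unspecified. The server side tries r[1], ..., r[N] and then E itself, reporting a match on E as a hand-typed password so that a second-stage check can be triggered.

```python
import hashlib
import hmac

# Resource server 161 only accepts the 26 lowercase letters as password characters (from the page).
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
SEED_INTERVAL = 180  # seconds; assumed value for "updated every few minutes"


def _check_letters(s: str) -> None:
    """Reject anything outside the accepted character set before it reaches e()/c()."""
    if not s or any(ch not in ALPHABET for ch in s):
        raise ValueError("only lowercase a-z are accepted as password characters")


def rot(x: int, y: str) -> str:
    """ROTx(y): rotate the letter y by x positions; negative x rotates backwards."""
    return ALPHABET[(ALPHABET.index(y) + x) % 26]


def e(x: int, y: str) -> str:
    return rot(x, y)           # e(x, y) = ROTx(y)


def c(x: int, z: str) -> str:
    return rot(-x, z)          # c(x, z) = ROT-x(z), so c(x, e(x, y)) == y


def seed_at(secret: bytes, t: int) -> bytes:
    """Seed random-number update algorithm (assumed): HMAC of the time-slot index under the shared secret."""
    slot = t // SEED_INTERVAL
    return hmac.new(secret, slot.to_bytes(8, "big"), hashlib.sha256).digest()


def g(p: bytes, k: int) -> int:
    """Random-number sequence g(p, k) derived from seed p (assumed construction), reduced to 0..25."""
    return hashlib.sha256(p + k.to_bytes(4, "big")).digest()[0] % 26


def terminal_encrypt(secret: bytes, t_presented: int, s: str) -> str:
    """Reminder terminal 121: E[k] = e(g(v, k), s[k]) with v = seed at the time table 301 was presented."""
    _check_letters(s)
    v = seed_at(secret, t_presented)
    return "".join(e(g(v, k), ch) for k, ch in enumerate(s, start=1))


def server_candidates(secret: bytes, t_arrival: int, E: str, N: int) -> list:
    """Resource server 161: r[q][k] = c(g(u[q], k), E[k]) for the N most recent seeds u[1..N] at arrival."""
    _check_letters(E)
    candidates = []
    for q in range(1, N + 1):
        u_q = seed_at(secret, t_arrival - (q - 1) * SEED_INTERVAL)   # u[1] newest, u[N] oldest
        candidates.append("".join(c(g(u_q, k), ch) for k, ch in enumerate(E, start=1)))
    return candidates


def server_authenticate(secret: bytes, t_arrival: int, E: str, registered: str, N: int):
    """Try r[1..N] and then E itself against the registered password.

    Returns (True, q) for a match on r[q], (True, 0) for a match on E (treated as a
    hand-typed password, i.e. the trigger for the two-stage check), or (False, None).
    """
    for q, r_q in enumerate(server_candidates(secret, t_arrival, E, N), start=1):
        if hmac.compare_digest(r_q, registered):
            return True, q
    if hmac.compare_digest(E, registered):
        return True, 0
    return False, None


if __name__ == "__main__":
    # Constructed sample: per-user shared secret, table presented at t0, request arrives 200 s later.
    SECRET = b"constructed-per-user-shared-secret"
    PASSWORD = "kjsqwmaz"          # string obtained from the user's selection of table 301
    t0 = 1_000_000
    E = terminal_encrypt(SECRET, t0, PASSWORD)
    print("E =", E, "->", server_authenticate(SECRET, t0 + 200, E, PASSWORD, N=4))
```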
Besides this, various encryption schemes can be adopted, such as one that also encrypts information such as the order in which character strings are switched by dragging, or whether an additional element is used.
In this mode, by avoiding communication of the original password as far as possible, security can be improved; it is also suitable for a configuration of the authentication system 101 in which the management server 181 is omitted.
(Omission of the report)
In the modes described above, the reminder terminal 121 reports to an external device that table 301, which is associated with the combination of the server name of the resource server 161 to be accessed next and the user name used for that access, has been presented to the user using the reminder terminal 121; this allows the reminder terminal 121 to function as a security token or a dedicated keyboard.
However, a mode is also possible in which the transmission unit 203 is omitted from the reminder terminal 121 and no report is made to any external device. Whether the report is transmitted by the transmission unit 203 can also be set for each resource server 161.
In the mode without report transmission, the reminder terminal 121 is used only as a device for managing random passwords that the user cannot memorize.
Even in this case, because the table 301 displayed by the reminder terminal 121 does not show the password for logging in to the resource server 161 itself, the password does not leak even if a third party happens to see table 301.
Therefore, in this mode, a function to print table 301 on paper at the user's instruction can be added to the reminder terminal 121. Using the paper on which table 301 is printed, the user can log in to the resource server 161 even when the reminder terminal 121 is powered off. Moreover, after logging in to the resource server 161 with the printed table 301, even if the paper is left on a desk and a third party sees table 301, the password does not leak.
In this way, by setting whether the report is sent and whether table 301 may be printed according to the security level required by the user's purpose, the system can flexibly accommodate the user's purposes.
(Relationship with programs)
The reminder terminal 121, access terminal 141, resource server 161, and management server 181 of the embodiments described above can be realized by executing programs on various computer hardware.
In general, a computer reads a program recorded on a non-transitory information recording medium into RAM (Random Access Memory), which serves as a temporary storage device, and the CPU (Central Processing Unit) or processor executes the instructions contained in the read program. However, in an architecture in which ROM and RAM are mapped into a single memory space and executed, the CPU directly reads and executes the instructions contained in the program stored in ROM. The CPU or processor cooperates with the RAM and the like to control devices included in the hardware, such as the NIC (Network Interface Card), display, microphone, and speaker.
Here, each program can be recorded on a computer-readable non-transitory information recording medium such as a compact disc, floppy disk, hard disk, magneto-optical disk, digital versatile disc, magnetic tape, ROM (Read Only Memory), EEPROM (Electrically Erasable Programmable ROM), flash memory, or semiconductor memory. The information recording medium can be distributed and sold independently of the hardware.
Furthermore, the program can also be distributed from a distribution device or the like to each hardware via a transitory transmission medium such as a computer communication network, independently of the computer that executes the program.
In addition, the program can be described in a programming language for the behavioral description of electronic circuits. In that case, various design drawings such as a wiring diagram or a timing diagram of the electronic circuit are generated from the program, and a circuit constituting the above-mentioned image processing device can be created based on the design drawings. For example, the above-mentioned image processing device can be constituted on reprogrammable hardware using FPGA (Field Programmable Gate Array) technology according to the program, or a dedicated circuit for a specific purpose can be constituted using ASIC (Application Specific Integrated Circuit) technology.
In this case, each part of the reminder terminal 121, access terminal 141, resource server 161, and management server 181 is configured to execute the processing assigned to it.
(Summary)
As described above, this authentication system includes a reminder terminal, a resource server, a management server, and an access terminal,
(A) the reminder terminal comprises:
a table generation unit that generates a table in which each element contains a character string, the character strings being generated at random;
a recognition registration unit that lets the user recognize the generated table and prompts the user to perform the following actions:
(1) extract elements from the recognized table in the selection order pre-assigned to the user and arrange the character strings contained in the extracted elements, thereby obtaining a registration character string,
(2) newly register, or update, the obtained registration character string as the password of the user's user name on the resource server;
a storage unit that stores the combination of the resource server name of the resource server and the user name in association with the recognized table;
a presentation unit that, when the combination is selected by an instruction from the user, presents the table stored in association with the combination to the user and prompts the user to perform the following actions:
(a) extract elements from the presented table in the selection order pre-assigned to the user and arrange the character strings contained in the extracted elements, thereby obtaining an authentication character string,
(b) use the obtained authentication character string as the password of a request, by the user name, to use a resource of the resource server;
a transmission unit that sends a report to the effect that the table stored in association with the combination has been presented to the user,
(B) the management server,
when it receives the report sent from the reminder terminal, sets a validity period corresponding to the combination related to the report, the validity period including the time point at which the management server received the report,
(C) the resource server,
when a request by the user name to use a resource of the resource server is sent from the access terminal to the resource server and the password related to the request matches the password registered for the user name on the resource server, sends an inquiry related to the user name to the management server,
(D) the management server,
when it receives the inquiry, determines whether the permission condition "the management server received the inquiry within the validity period set for the combination of the server name of the resource server that originated the inquiry and the user name related to the inquiry" holds, and sends an answer indicating the result of the determination to the resource server,
(E) the resource server,
when it receives the answer and the received answer indicates that the permission condition holds, sends a response for using the resource of the resource server to the access terminal.
In addition, this authentication system can be configured as follows:
if the access terminal and the reminder terminal are communicably connected by a wired or wireless connection established within a prescribed distance, the report is sent to the access terminal via the wired or wireless connection,
if a login form for entering the user name and password of a request from the access terminal to use a resource of the resource server is displayed on the screen of the access terminal, and the server name of the combination selected on the reminder terminal is the server name of the resource server, then
the access terminal enters the user name of the selected combination into the user name field of the login form,
the reminder terminal has the user select elements from the presented table,
the reminder terminal obtains a transfer character string by arranging the character strings contained in the selected elements,
the reminder terminal transfers the obtained transfer character string to the access terminal via the wired or wireless connection,
the access terminal enters the transfer character string transferred from the reminder terminal into the password field of the login form.
In addition, this authentication system can be configured as follows:
the reminder terminal presents the table with the character string contained in each element hidden,
the reminder terminal forms the transfer character string by encrypting the character strings contained in the selected elements with an encryption scheme time-synchronized with the resource server,
the resource server, if the decrypted character string obtained by decrypting the authentication character string of the request with the encryption scheme matches the password registered for the user name, regards the password of the request as matching the password registered for the user name.
In addition, this reminder terminal is the reminder terminal in the above authentication system and can be configured as follows:
each time the user selects an element from the presented table, the character string contained in the selected element is encrypted with the encryption scheme and transferred to the access terminal,
each time an encrypted character string is transferred from the reminder terminal, the access terminal appends the transferred encrypted character string to the password field of the login form.
In addition, this reminder terminal can be configured as follows:
the table is generated, and the characters contained in an additional element are generated at random with a type different from the type of the character strings contained in the elements of the table,
the generated table and the generated additional element are presented to the user so that the user recognizes the table,
the registration character string and the authentication character string are each obtained by arranging the character strings contained in the extracted elements and in the additional element.
This reminder terminal can be configured as follows:
when, after the table has been stored in association with the combination, the update period associated with the resource server related to the combination has elapsed,
the table generation unit generates a new table,
the recognition registration unit lets the user recognize the generated new table and prompts the user to perform the following actions:
(1) extract elements from the recognized new table in the selection order pre-assigned to the user and arrange the character strings contained in the extracted elements, thereby obtaining a new registration character string,
(2) update and register the obtained new registration character string as the password, on the resource server, of the user name related to the combination,
and the reminder terminal further includes a table registration unit that stores the new table in the storage unit in association with the combination.
In addition, this reminder terminal can be configured to further include:
a receiving unit that receives from the user an input of the selection order pre-assigned to the user and an input of the selection order to be newly assigned to the user;
a rule generation unit that, when the input is received, generates a transformation rule that
(s) moves the content of the elements extracted by the pre-assigned selection order to the elements extracted by the newly assigned selection order, and
(t) randomly moves the content of the elements other than those extracted by the pre-assigned selection order to the elements other than those extracted by the newly assigned selection order;
and a full update unit that transforms the tables stored in the storage unit by the generated transformation rule, thereby updating all tables stored in the storage unit.
In addition, this reminder terminal can be configured as follows:
before reception by the receiving unit, a guide character string is generated that has the same length as the selection order and contains no duplicate characters,
the receiving unit
(u) receives the input of the selection order pre-assigned to the user by having the user select elements from a table, and each time an element is selected, displays in that element the character of the generated guide string associated with the selection order,
(v) receives the input of the selection order to be newly assigned to the user by having the user select elements from a table, and each time an element is selected, displays in that element the character of the generated guide string associated with the selection order,
the full update unit assigns a guide character to each position in the table by performing the following (x) and (y) on the positions in the table:
(x) assigns to the positions that will be selected by the selection order newly assigned to the user the characters of the guide string associated with the selection order,
(y) assigns random, non-repeating characters to the positions other than those selected by the selection order newly assigned to the user,
and when the presentation unit presents any of the tables associated with the plurality of resource servers to the user, it presents to the user the elements of the table together with the guide character assigned to each position in the table.
In addition, this authentication system includes a reminder terminal, an access terminal, and a resource server,
(a) the access terminal
sends a request from a user to use a resource of the resource server to the resource server,
(b) the resource server, upon receiving the sent request,
sends a login form to the access terminal,
(c) the access terminal, upon receiving the sent login form,
presents the received login form to the user,
(d) the reminder terminal
presents the table stored in association with the resource server to the user,
sends a report to the effect that the table has been presented to the user to a management server or to the resource server,
(e) the access terminal
receives from the user, in an input field included in the presented login form, a password obtained by extracting elements of the presented table in the selection order pre-assigned to the user and arranging them,
sends the received password to the resource server,
(f) the management server or the resource server,
upon receiving the report, determines a validity period that includes the time point at which the report was received,
(g) the resource server,
if the time point at which the password was received is included in the determined validity period, decides whether to permit the request from the user based on the received password.
In addition, this authentication system can be configured as follows:
the reminder terminal sends the report to the management server,
the resource server inquires of the management server about the validity period, or inquires whether the time point at which it received the password is included in the determined validity period.
In addition, this authentication system can be configured as follows:
the reminder terminal sends the report to the management server,
the access terminal inquires of the management server about the validity period, or inquires whether the current time point is within the determined validity period,
(i) if the current time point is within the determined validity period, sets the input field so that the password can be received from the user,
(j) if the validity period is undetermined or the current time point is outside the determined validity period, sets the input field so that the password is not received from the user.
In addition, this authentication system can be configured as follows:
when the access terminal receives, from the user to whom the login form is presented, an instruction for a reminder display related to the resource server, it sends a notification to the reminder terminal via the management server,
the reminder terminal, triggered by reception of the notification, presents to the user the table stored in association with the resource server.
In addition, this authentication system can be configured as follows:
the reminder terminal that presented the table receives an input of the password from the user and transfers the input password to the access terminal,
the access terminal enters the transferred password into the login form.
In addition, this authentication system can be configured as follows:
the reminder terminal,
when, after the table has been stored in association with the resource server, the update period associated with the resource server has elapsed, generates a new table at random,
prompts the user to update the password for the resource server to a new password obtained by extracting elements of the generated table in the selection order pre-assigned to the user and arranging them,
and when the password for the resource server has been updated to the new password, stores the new table in association with the resource server.
In addition, this authentication system can be configured as follows:
the presented table includes an additional element in its margin,
the password is obtained by arranging the elements extracted from the presented table in the selection order pre-assigned to the user together with the additional element included in the margin of the presented table.
In addition, this authentication system can be configured as follows:
the authentication system includes another resource server,
when the other resource server receives from the access terminal another request from the user to use a resource of the other resource server, it decides whether to permit the other request from the user based on the decision made for the request to the resource server and the period of that decision.
This reminder terminal comprises:
a storage unit that stores a table associated with each of a plurality of resource servers;
a presentation unit that, according to an instruction from the user selecting any one of the plurality of resource servers, presents to the user the table stored in the storage unit in association with the selected resource server,
each element of the table associated with each resource server contains randomly generated information,
and by extracting elements from the table associated with each resource server in the selection order pre-assigned to the user and arranging them, a password is obtained for deciding whether a resource of that resource server may be used.
In addition, this reminder terminal can be configured as follows:
it further includes a transmission unit that sends a report to the effect that the presented table has been presented to the user to a management server or to the resource server associated with the presented table.
In addition, this reminder terminal can be configured to further include:
a table generation unit that, after the table associated with each resource server of the plurality has been stored in association with that resource server and the update period associated with that resource server has elapsed, generates a new table;
a password update unit that prompts the user, or instructs the management server, to update the password used to decide whether the user may use a resource of the resource server to a new password obtained by extracting elements of the generated table in the selection order pre-assigned to the user and arranging them;
a table registration unit that, when the password used to decide whether the user may use a resource of the resource server has been updated to the new password, stores the new table in association with the resource server.
In addition, this prompting terminal can be constituted as follows, further includes:
Receiving unit is received from the user and is newly distributed the pre-assigned selecting sequence of above-mentioned user and the above-mentioned user of reply Selecting sequence input;
Regular generating unit, when receiving above-mentioned input,
(s) content for the element extracted by above-mentioned pre-assigned selecting sequence is moved to and answers newly assigned choosing by above-mentioned The element that sequence is extracted is selected,
(t) by the content random movement of the element other than the element extracted by above-mentioned pre-assigned selecting sequence to by upper State the element other than the element for answering newly assigned selecting sequence to extract;
Full update section passes through each Resource Server of the transformation rule conversion and above-mentioned multiple Resource Servers of above-mentioned generation It is stored in the table of above-mentioned storage unit in association, thus updates all tables that should be stored in above-mentioned storage unit.
In addition, this reminder terminal may be configured so that
the stored table includes an additional element in its margin, and
the password is obtained by arranging the elements extracted from the prompted table by the selecting sequence pre-assigned to the user together with the additional element included in the margin of the stored table.
In addition, this reminder terminal may be configured so that
before reception by the receiving unit, a guidance character string is generated which has the same length as the selecting sequence and contains no duplicate character,
the receiving unit
(u) receives the input of the selecting sequence pre-assigned to the user by having the user select elements from a table, and each time an element is selected, displays in that element the character of the generated guidance character string associated with the selection order,
(v) receives the input of the selecting sequence to be newly assigned to the user by having the user select elements from a table, and each time an element is selected, displays in that element the character of the generated guidance character string associated with the selection order,
the full update unit assigns a guidance character to each position in the table by performing the following processing (x) and (y) on the positions in the table:
(x) to each position that will be selected by the selecting sequence newly assigned to the user, the character of the guidance character string associated with that selection order is assigned,
(y) to the positions other than those selected by the selecting sequence newly assigned to the user, characters are assigned randomly without repetition.
In addition, this reminder terminal may be configured so that
when any of the tables associated with the plurality of resource servers is prompted to the user, the prompting unit also prompts the user with the guidance character assigned to each position in the table, together with the element at that position.
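The three configurations above (table migration by the transformation rule (s)/(t), the additional margin element, and the guidance characters (x)/(y); claims 7 and 8 restate the same mechanism) are easier to follow in code. The following is an added example, not code from the patent or from Passlogy. It assumes a table is a list of rows of single-character cells and a selecting sequence is an ordered list of (row, column) positions; the function names, the character sets and the 4x4 demo table are this example's own choices.

```python
"""Table-based password derivation and table migration (added example, not the patent's code)."""
import random
import string

CELL_CHARS = string.ascii_lowercase + string.digits  # character type of table elements (assumed)
MARGIN_CHARS = "!#$%&*+=?@"                          # a different character type for the margin element


def make_table(rows, cols, rng=None):
    """Generate a table whose every element holds one randomly generated character."""
    rng = rng or random.SystemRandom()
    return [[rng.choice(CELL_CHARS) for _ in range(cols)] for _ in range(rows)]


def make_margin_element(rng=None):
    """Random additional element of a different character type, kept in the table margin."""
    return (rng or random.SystemRandom()).choice(MARGIN_CHARS)


def derive_password(table, sequence, margin=""):
    """Extract the elements at `sequence` positions in order and append the margin element.

    The table can be shown openly; the selecting sequence is the user's secret."""
    return "".join(table[r][c] for r, c in sequence) + margin


def migrate_table(table, old_seq, new_seq, rng=None):
    """Apply rule (s)/(t): return a table from which new_seq extracts the same password old_seq did.

    (s) content at old_seq positions moves to the new_seq positions, in order;
    (t) all remaining content is permuted randomly over the remaining positions."""
    rng = rng or random.SystemRandom()
    rows, cols = len(table), len(table[0])
    all_pos = [(r, c) for r in range(rows) for c in range(cols)]
    old_set, new_set = set(old_seq), set(new_seq)
    if not (len(old_seq) == len(new_seq) == len(old_set) == len(new_set)):
        raise ValueError("selecting sequences must have equal length and no repeated position")
    src_rest = [p for p in all_pos if p not in old_set]   # sources not covered by (s)
    dst_rest = [p for p in all_pos if p not in new_set]   # destinations not covered by (s)
    rng.shuffle(dst_rest)
    rule = dict(zip(old_seq, new_seq))                     # (s)
    rule.update(zip(src_rest, dst_rest))                   # (t): a bijection over all positions
    new_table = [[None] * cols for _ in range(rows)]
    for (r, c), (nr, nc) in rule.items():
        new_table[nr][nc] = table[r][c]
    return new_table


def make_guidance(length, rng=None):
    """Guidance string: same length as the selecting sequence, no repeated character."""
    return "".join((rng or random.SystemRandom()).sample(string.ascii_uppercase, length))


def assign_guidance(rows, cols, new_seq, guidance, rng=None):
    """(x)/(y): map every table position to a guidance character.

    Positions of new_seq get the guidance character of their selection order (x);
    all other positions get distinct random characters not used by the guidance string (y)."""
    rng = rng or random.SystemRandom()
    all_pos = [(r, c) for r in range(rows) for c in range(cols)]
    marks = {pos: guidance[i] for i, pos in enumerate(new_seq)}
    rest = [p for p in all_pos if p not in marks]
    spare = [ch for ch in string.ascii_uppercase + string.digits if ch not in guidance]
    if len(rest) > len(spare):
        raise ValueError("table too large for distinct guidance characters")
    for pos, ch in zip(rest, rng.sample(spare, len(rest))):
        marks[pos] = ch
    return marks


def render(table, marks=None):
    """Text form of what the prompting unit shows: 'guidance:element' per cell when marks are given."""
    lines = []
    for r, row in enumerate(table):
        cells = [f"{marks[(r, c)]}:{ch}" if marks else ch for c, ch in enumerate(row)]
        lines.append(" ".join(cells))
    return "\n".join(lines)


if __name__ == "__main__":
    rng = random.Random(2024)   # fixed seed only so the demo is reproducible; use SystemRandom in practice
    table = make_table(4, 4, rng)
    margin = make_margin_element(rng)
    old_seq = [(0, 0), (1, 1), (2, 2), (3, 3)]   # the user's current secret pattern (a diagonal)
    new_seq = [(3, 0), (0, 3), (2, 1), (1, 2)]   # the pattern the user wants to switch to
    password = derive_password(table, old_seq, margin)
    new_table = migrate_table(table, old_seq, new_seq, rng)
    assert derive_password(new_table, new_seq, margin) == password   # registered password unchanged
    guidance = make_guidance(len(new_seq), rng)
    marks = assign_guidance(4, 4, new_seq, guidance, rng)
    print(render(new_table, marks))
    print("guidance string:", guidance, "(follow these letters in order to find the new pattern)")
```

Because the migration only moves cell contents, the password registered at each resource server stays valid after every stored table has been converted, which is what lets the full update unit change the user's pattern without touching any server. The guidance characters are what make the new positions learnable on the first few prompts; they carry no secret on their own, since every other cell also shows a distinct character.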
The present invention can be embodied and modified in various ways without departing from its broad spirit and scope. The above embodiments are given to illustrate the present invention and do not limit its scope. That is, the scope of the present invention is indicated not by the embodiments but by the claims, and various modifications made within the scope of the claims and within the meaning of the invention equivalent thereto are considered to fall within the scope of the invention.
This application claims priority based on International Application No. PCT/JP2014/073704, filed with the World Intellectual Property Organization on September 8, 2014 (Heisei 26), and the content of that basic application is incorporated into this application to the extent permitted by the law of the designated states.
Industrial Applicability
According to the present invention, it is possible to provide an authentication system suitable for managing, by means of a reminder terminal, the password used to decide whether a request to use the resources of a resource server is granted, the reminder terminal itself, and a non-transitory computer-readable information recording medium storing a program that makes a computer function as the reminder terminal.
Symbol description
101 authentication system
121 reminder terminal
141 access terminal
161 resource server
181 management server
191 computer communication network
201 storage unit
202 prompting unit
203 transmission unit
204 table generating unit
205 recognition registration unit
206 table registration unit
207 receiving unit
208 rule generating unit
209 full update unit
301 table
303 server ID
304 user name
305 additional element
311 navigation
312 navigation
313 navigation
321 complete button
322 cancel button
501 browser
502 URL bar
503 content bar
511 login frame
512 user name field
513 password field
514 login button
521 plug-in icon
551 tentative table
552 forward button
561 migration table
562 update button

Claims (10)

1. An authentication system comprising a reminder terminal, a resource server, a management server and an access terminal, wherein
(A) the reminder terminal comprises:
a table generating unit which generates a table in which each element contains a character string, the character string being generated randomly;
a recognition registration unit which makes the user recognize the generated table and prompts the user to perform the following actions:
(1) extract elements from the recognized table by the selecting sequence pre-assigned to the user, and arrange the character strings contained in the extracted elements to obtain a registration character string,
(2) newly register, or update and register, the obtained registration character string as the password for the user name of the user at the resource server;
a storage unit which stores the combination of the resource server name of the resource server and the user name in association with the recognized table;
a prompting unit which, when the combination is selected by an instruction from the user, prompts the user with the table stored in association with the combination, and prompts the user to perform the following actions:
(a) extract elements from the prompted table by the selecting sequence pre-assigned to the user, and arrange the character strings contained in the extracted elements to obtain an authentication character string,
(b) use the obtained authentication character string as the password for a request, under the user name, to use the resources of the resource server;
a transmission unit which transmits a report that the table stored in association with the combination has been prompted to the user;
(B) the management server,
when the report transmitted from the reminder terminal is received by the management server, sets an effective period of time corresponding to the combination related to the report, the effective period of time including the time point at which the management server received the report;
(C) the resource server,
when a request under the user name to use the resources of the resource server is transmitted from the access terminal to the resource server and the password related to the request matches the password registered at the resource server for the user name, transmits an inquiry related to the user name to the management server;
(D) the management server,
when the inquiry is received by the management server, determines whether the permission condition "the management server received the inquiry within the effective period of time set for the combination of the server name of the resource server that originated the inquiry and the user name related to the inquiry" holds, and transmits an answer indicating the result of the determination to the resource server;
(E) the resource server,
if the answer is received by the resource server and the received answer indicates that the permission condition holds, transmits a response for using the resources of the resource server to the access terminal.
2. The authentication system according to claim 1, wherein
if the access terminal and the reminder terminal are communicatively connected by a wired connection or a wireless connection established within a prescribed distance, the report is transmitted to the access terminal via the wired connection or the wireless connection,
if a login frame for inputting the user name and password related to a request from the access terminal to use the resources of the resource server is displayed on the screen of the access terminal, and the server name related to the combination selected at the reminder terminal is the server name of the resource server, the access terminal inputs the user name related to the selected combination into the user name field of the login frame,
the reminder terminal has the user select elements from the prompted table,
the reminder terminal obtains a transfer character string by arranging the character strings contained in the selected elements,
the reminder terminal transfers the obtained transfer character string to the access terminal via the wired connection or the wireless connection,
and the access terminal inputs the transfer character string transferred from the reminder terminal into the password field of the login frame.
3. The authentication system according to claim 2, wherein
the reminder terminal prompts the table in such a way that the character string contained in each element of the table is hidden,
the reminder terminal obtains the transfer character string by encrypting the character strings contained in the selected elements with an encryption scheme time-synchronized with the resource server,
and the resource server determines that the password related to the request matches the password registered for the user name if the decrypted character string obtained by decrypting the authentication character string related to the request by the encryption scheme matches the password registered for the user name.
4. The authentication system according to claim 3, wherein
each time the user selects an element from the prompted table, the reminder terminal encrypts the character string contained in the selected element by the encryption scheme and passes it to the access terminal,
and each time an encrypted character string is passed from the reminder terminal, the access terminal appends the passed encrypted character string to the password field of the login frame.
5. The authentication system according to claim 4, wherein the reminder terminal
generates the table, and randomly generates an additional element containing characters of a type different from the type of the character strings contained in the elements of the table,
presents the generated table and the generated additional element to the user so that the user recognizes the table,
and the registration character string and the authentication character string are each obtained by arranging the character strings contained in the extracted elements and in the additional element.
6. The authentication system according to claim 4, wherein
when the renewal time period associated with the resource server related to the combination has elapsed after the table was stored in association with the combination,
the table generating unit generates a new table,
the recognition registration unit makes the user recognize the generated new table and has the user perform the following actions:
(1) extract elements from the recognized new table by the selecting sequence pre-assigned to the user, and arrange the character strings contained in the extracted elements to obtain a new registration character string,
(2) update and register the obtained new registration character string as the password at the resource server for the user name related to the combination,
and the reminder terminal further comprises a table registration unit which stores the new table in the storage unit in association with the combination.
7. The authentication system according to claim 4, further comprising:
a receiving unit which receives from the user an input of the selecting sequence pre-assigned to the user and an input of a selecting sequence to be newly assigned to the user;
a rule generating unit which, when these inputs are received, generates the following transformation rule:
(s) the content of the elements extracted by the pre-assigned selecting sequence is moved to the elements that will be extracted by the newly assigned selecting sequence,
(t) the content of the elements other than those extracted by the pre-assigned selecting sequence is moved randomly to the elements other than those that will be extracted by the newly assigned selecting sequence;
a full update unit which converts the tables stored in the storage unit by the generated transformation rule, thereby updating all tables stored in the storage unit.
8. The authentication system according to claim 7, wherein the reminder terminal
generates, before reception by the receiving unit, a guidance character string which has the same length as the selecting sequence and contains no duplicate character,
the receiving unit
(u) receives the input of the selecting sequence pre-assigned to the user by having the user select elements from a table, and each time an element is selected, displays in that element the character of the generated guidance character string associated with the selection order,
(v) receives the input of the selecting sequence to be newly assigned to the user by having the user select elements from a table, and each time an element is selected, displays in that element the character of the generated guidance character string associated with the selection order,
the full update unit assigns a guidance character to each position in the table by performing the following processing (x) and (y) on the positions in the table:
(x) to each position that will be selected by the selecting sequence newly assigned to the user, the character of the guidance character string associated with that selection order is assigned,
(y) to the positions other than those selected by the selecting sequence newly assigned to the user, characters are assigned randomly without repetition,
and the prompting unit, when any one of the tables associated with the plurality of resource servers is prompted to the user, prompts the user with the guidance character assigned to each position in the table together with the element at each position.
9. The authentication system according to claim 1, wherein
the resource server and the management server are realized by a single server computer.
10. A non-volatile computer-readable information recording medium storing a program, wherein
the program causes a computer to function as each unit of the reminder terminal according to claim 4.
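The message flow of claim 1 (the report that opens an effective period, the password check at the resource server, the inquiry to the management server and the time-window decision) can be exercised end to end with a small in-memory model. The following is an added example, not code from the patent or from Passlogy. The three parties are plain Python objects sharing an injectable clock so the effective period can be tested deterministically; the window length EFFECTIVE_SECONDS, the verdict strings, the password-hashing scheme at the resource server and every name below are this example's assumptions, not something the claims specify.

```python
"""Claim 1 flow between reminder terminal, management server and resource server (added example)."""
import hashlib
import hmac

EFFECTIVE_SECONDS = 60  # assumed length of the effective period opened by a report


def _hash_password(user_name, password):
    """Assumed storage format at the resource server: PBKDF2-HMAC-SHA256 with a per-user salt."""
    salt = hashlib.sha256(b"salt:" + user_name.encode()).digest()[:16]
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class ManagementServer:
    """(B) keeps one effective period per (server name, user name) combination; (D) answers inquiries."""

    def __init__(self, clock):
        self.clock = clock          # callable returning the current time in seconds
        self.windows = {}

    def receive_report(self, server_name, user_name):
        now = self.clock()          # the period must contain the instant the report arrived
        self.windows[(server_name, user_name)] = (now, now + EFFECTIVE_SECONDS)

    def receive_inquiry(self, server_name, user_name):
        window = self.windows.get((server_name, user_name))
        if window is None:
            return False            # no table was ever prompted for this combination
        start, end = window
        return start <= self.clock() <= end


class ResourceServer:
    """(C) checks the password, then asks the management server; (E) answers the access terminal."""

    def __init__(self, name, mgmt):
        self.name = name
        self.mgmt = mgmt
        self.registered = {}        # user name -> hashed registered password

    def register(self, user_name, password):
        self.registered[user_name] = _hash_password(user_name, password)

    def _password_ok(self, user_name, password):
        stored = self.registered.get(user_name)
        return stored is not None and hmac.compare_digest(stored, _hash_password(user_name, password))

    def handle_request(self, user_name, password):
        if not self._password_ok(user_name, password):
            return "denied: password"               # a wrong password never reaches the management server
        if not self.mgmt.receive_inquiry(self.name, user_name):
            return "denied: no effective period"    # right password, but no fresh prompt on the reminder terminal
        return "granted"


class ReminderTerminal:
    """Stores a table per combination and sends the report when the table is prompted."""

    def __init__(self, mgmt):
        self.mgmt = mgmt
        self.tables = {}

    def register_table(self, server_name, user_name, table):
        self.tables[(server_name, user_name)] = table

    def prompt(self, server_name, user_name):
        table = self.tables[(server_name, user_name)]
        self.mgmt.receive_report(server_name, user_name)   # report: "this table has just been shown"
        return table


def scenario():
    """Run the flow against a fake clock and return the four verdicts in order."""
    clock = {"now": 0}
    mgmt = ManagementServer(lambda: clock["now"])
    rs = ResourceServer("resource.example", mgmt)
    term = ReminderTerminal(mgmt)

    table = [["a", "b"], ["c", "d"]]                         # constructed 2x2 table
    sequence = [(1, 0), (0, 1)]                              # the user's secret selecting sequence
    password = "".join(table[r][c] for r, c in sequence)     # "cb": elements in selection order
    rs.register("alice", password)
    term.register_table("resource.example", "alice", table)

    verdicts = []
    verdicts.append(rs.handle_request("alice", password))    # password right, but no report yet
    term.prompt("resource.example", "alice")                 # user opens the table -> report -> window
    verdicts.append(rs.handle_request("alice", "wrong"))     # wrong password inside the window
    verdicts.append(rs.handle_request("alice", password))    # right password inside the window
    clock["now"] = EFFECTIVE_SECONDS + 1
    verdicts.append(rs.handle_request("alice", password))    # window expired
    return verdicts


if __name__ == "__main__":
    for verdict in scenario():
        print(verdict)
```

The order of the two checks matters for what the management server learns: it is only asked about a user name after the resource server has already accepted the password, so a failed guess leaves no trace in the effective-period store, while a correct password presented without a preceding prompt on the reminder terminal is still refused. The time window is the second factor here; how long it should be, and whether a single report should admit more than one request, is a deployment decision the claims leave open.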

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JPPCT/JP2014/073704 2014-09-08
PCT/JP2014/073704 WO2016038665A1 (en) 2014-09-08 2014-09-08 Authentication system and reminder terminal
PCT/JP2015/075391 WO2016039309A1 (en) 2014-09-08 2015-09-08 Authentication system, reminder terminal, and information recording medium

Publications (2)

Publication Number Publication Date
CN107077559A CN107077559A (en) 2017-08-18
CN107077559B true CN107077559B (en) 2019-09-03

Family

ID=55458458

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201580056707.7A Active CN107077559B (en) 2014-09-08 2015-09-08 Verification System reminds terminal and information recording carrier

Country Status (5)

Country Link
US (2) US10425404B2 (en)
EP (1) EP3193273B1 (en)
JP (3) JP5906363B1 (en)
CN (1) CN107077559B (en)
WO (2) WO2016038665A1 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10395065B2 (en) * 2015-12-28 2019-08-27 International Business Machines Corporation Password protection under close input observation based on dynamic multi-value keyboard mapping
US10341448B2 (en) * 2016-06-12 2019-07-02 Apple Inc. Notification extensions for applications
CN109416713B (en) 2016-08-22 2021-06-29 帕斯罗基株式会社 Authentication system and non-transitory information recording medium
US10628567B2 (en) * 2016-09-05 2020-04-21 International Business Machines Corporation User authentication using prompted text
US10171465B2 (en) * 2016-09-29 2019-01-01 Helene E. Schmidt Network authorization system and method using rapidly changing network keys
KR102489487B1 (en) * 2017-12-19 2023-01-18 삼성전자주식회사 Electronic apparatus, method for controlling thereof and the computer readable recording medium
WO2020136722A1 (en) 2018-12-25 2020-07-02 パスロジ株式会社 Remote control system, remote control method, program, and information recording medium
CN109714365B (en) * 2019-02-25 2019-08-16 南京金信通信息服务有限公司 The cipher management method and system calculated based on multiple hash
US11277373B2 (en) 2019-07-24 2022-03-15 Lookout, Inc. Security during domain name resolution and browsing
US11546334B2 (en) * 2019-07-29 2023-01-03 Citrix Systems, Inc. Client device configuration for remote digital workspace access
CN111612475A (en) * 2020-04-03 2020-09-01 佛山市一鼎医疗器械有限公司 Medical instrument anti-counterfeiting authentication method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002366517A (en) * 2001-06-04 2002-12-20 Ntt Communications Kk Method, system for providing service, processing center device and program
JP2009301446A (en) * 2008-06-17 2009-12-24 Kddi Corp Method and server for user authentication using a plurality of terminals, and program
WO2013070124A1 (en) * 2011-11-08 2013-05-16 Telefonaktiebolaget L M Ericsson (Publ) Apparatus and methods for obtaining a password hint
CN103270732A (en) * 2010-08-31 2013-08-28 小川秀治 Communication apparatus, reminder apparatus, and information recording medium

Family Cites Families (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6052785A (en) * 1997-11-21 2000-04-18 International Business Machines Corporation Multiple remote data access security mechanism for multitiered internet computer networks
US6571336B1 (en) * 1998-02-12 2003-05-27 A. James Smith, Jr. Method and apparatus for securing a list of passwords and personal identification numbers
US6981028B1 (en) 2000-04-28 2005-12-27 Obongo, Inc. Method and system of implementing recorded data for automating internet interactions
EP2557507A3 (en) 2002-02-13 2013-10-23 Passlogy Co., Ltd. User verification method and user verification system
JP4294987B2 (en) * 2003-01-09 2009-07-15 株式会社山武 Password entry table creation method, password entry table creation device, and password entry table creation program
JP2006311529A (en) 2005-03-30 2006-11-09 Seiko Epson Corp Authentication system and authentication method therefor, authentication server and authentication method therefor, recording medium, and program
US7743256B2 (en) 2005-05-02 2010-06-22 Vince Yang Method for verifying authorized access
JP2007102777A (en) * 2005-10-04 2007-04-19 Forval Technology Inc User authentication system and method therefor
JP2007108833A (en) 2005-10-11 2007-04-26 Nec Corp Device for storing a plurality of passwords and password management method
CA2524971A1 (en) * 2005-10-14 2006-09-22 Timur Medjitov Personal passwords management system
JP4889395B2 (en) * 2006-07-21 2012-03-07 株式会社野村総合研究所 Authentication system, authentication method, and authentication program
JP2008234440A (en) 2007-03-22 2008-10-02 Sharp Corp Password input system and method
US8255696B2 (en) * 2007-05-01 2012-08-28 Microsoft Corporation One-time password access to password-protected accounts
US8949955B2 (en) * 2008-10-29 2015-02-03 Symantec Corporation Method and apparatus for mobile time-based UI for VIP
US8959603B2 (en) * 2009-01-09 2015-02-17 Hideharu Ogawa Authentication system
US9608988B2 (en) * 2009-02-03 2017-03-28 Inbay Technologies Inc. Method and system for authorizing secure electronic transactions using a security device having a quick response code scanner
CA2712089A1 (en) * 2010-01-29 2010-04-07 Norman F. Goertzen Secure access by a user to a resource
CN102834831B (en) 2010-02-15 2015-07-29 株式会社希爱思异 Content presentation-type authentication system
JP2011215753A (en) * 2010-03-31 2011-10-27 Nomura Research Institute Ltd Authentication system and authentication method
JP5843261B2 (en) * 2011-12-16 2016-01-13 インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation A system that authenticates whether a string is accepted by an automaton
CN103425921A (en) * 2012-05-18 2013-12-04 鸿富锦精密工业(深圳)有限公司 Device, system and method for code management

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002366517A (en) * 2001-06-04 2002-12-20 Ntt Communications Kk Method, system for providing service, processing center device and program
JP2009301446A (en) * 2008-06-17 2009-12-24 Kddi Corp Method and server for user authentication using a plurality of terminals, and program
CN103270732A (en) * 2010-08-31 2013-08-28 小川秀治 Communication apparatus, reminder apparatus, and information recording medium
WO2013070124A1 (en) * 2011-11-08 2013-05-16 Telefonaktiebolaget L M Ericsson (Publ) Apparatus and methods for obtaining a password hint

Also Published As

Publication number Publication date
JPWO2016039309A1 (en) 2017-04-27
EP3193273A4 (en) 2018-04-11
US20190394185A1 (en) 2019-12-26
WO2016038665A1 (en) 2016-03-17
US20170279790A1 (en) 2017-09-28
JP2019194897A (en) 2019-11-07
WO2016039309A1 (en) 2016-03-17
JP2016146197A (en) 2016-08-12
EP3193273B1 (en) 2019-10-30
JP5906363B1 (en) 2016-04-20
JP6549058B2 (en) 2019-07-24
EP3193273A1 (en) 2017-07-19
JP6721924B2 (en) 2020-07-15
US10425404B2 (en) 2019-09-24
US11277400B2 (en) 2022-03-15
CN107077559A (en) 2017-08-18

Similar Documents

Publication Publication Date Title
CN107077559B (en) Verification System reminds terminal and information recording carrier
US10348715B2 (en) Computer-implemented systems and methods of device based, internet-centric, authentication
CN102804200B (en) Two-factor user authentication system, and method therefor
CN102804201B (en) Off-line two-factor user Verification System, its method and program thereof
CN103607284B (en) Identity authentication method and equipment and server
US9729540B2 (en) System and method for user authentication
JP6207797B1 (en) User authentication method and system for realizing the method
US10375061B2 (en) Communication apparatus, reminder apparatus, and information recording medium
JP2014529837A (en) ID authentication management apparatus and method
CN109428725A (en) Information processing equipment, control method and storage medium
US20180227297A1 (en) Enterprise key and password management system
JP5485452B1 (en) Key management system, key management method, user terminal, key generation management device, and program
JP6499736B2 (en) User authentication method and system for realizing the method
JP2013097661A (en) Authentication device and authentication method
JP6470006B2 (en) Shared authentication information update system
KR101449680B1 (en) Method and Server for user authentication
JP2016163198A (en) File management device, file management system, file management method, and file management program
JP6092159B2 (en) Encryption key management apparatus and encryption key management method
KR20130131724A (en) Method, terminal, server, and recording medium for exclusive authentication in opmd system
JP2010237850A (en) Information provision system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant